Supplier Management Toolkit: Cybersecurity Risk Management in the Supplier Life Cycle
Executive Brief
26 Jan 2022
by Amy Fong, Bhanushee Malhotra, Kumar Avijit, Sakshi Nigam
This report is available only to Outsourcing Excellence/Cybersecurity members. For information on membership, please contact us.
Organizations run significant financial and operational risks when they do not periodically assess the security risks posed by their strategic suppliers. Such an assessment requires evaluating each supplier's criticality, to determine whether the supplier supports critical businesses and/or is critical in terms of security, and then conducting periodic risk assessments accordingly to ensure data- and evidence-driven decision-making. In this executive brief, Everest Group analysts provide best practices for a well-defined cyber risk management process across the supplier life cycle, incorporating best practices from industry standards such as ISO 27001-2, ISO 27036-2, and ISO 27701:2019.
Note: Everest Group publishes Executive Briefs for senior executives from enterprises. These briefs address hot industry topics and particularly challenging issues of the day in an easy-to-digest format.
A key role of the Vendor Management Office (VMO) is to drive innovation from its most strategic suppliers, that is, those with the…