The 3 Lifecycle Stages of Vendor Security Risk Management: Onboarding
This is the first of a three-part series on vendor risk management through the lifecycle of the relationship. Today, we focus on steps to achieve a proper and friction-free onboarding process.
The Vendor Relationship: Stages in the Lifecycle
Traditional brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define organizations. The modern organization is an interconnected mess of relationships and connections that span traditional business boundaries. Complexity grows as these interconnected relationships, processes, and systems nest themselves in intricacy. Today, business is interconnected in a flat world in which over half of the organization’s ‘insiders’ are no longer traditional employees, but are third parties such as contractors, consultants, temporary workers, outsourcers, service providers, and vendors.
An organization can face disruption and disaster by establishing or maintaining the wrong business relationships. Third party security problems are the organization’s problems: they directly impact the brand and reputation while increasing exposure to risk and compliance matters. When questions of security arise, the organization is held accountable, and it must ensure that third party partners behave appropriately.
Today’s organization requires complete situational and holistic awareness of third party security and its connection to and impact on operations, processes, transactions, and data. It has become essential that organizations govern third party relationships throughout the lifecycle of the relationship:
- Onboarding
- Ongoing monitoring
- Offboarding
Today we will look at the first stage, onboarding a third party relationship: ensuring the organization is doing business with the right third parties as they are brought onboard, before network connections are established and data is shared.
Approaches to Onboarding
There are a variety of approaches to onboarding as part of . . .
[This is a guest blog authored by Michael Rasmussen of GRC 20/20 that can be found on the Panorays site; follow the link below to read more.]