Vendor risk management is now a very important concept that needs meticulous planning. It is a necessity and also a policy that many companies are following for greater efficiency and profit.

Many third-party vendors and direct company vendors are present in many industries, including software and hardware. Today it is an integral part of business to manage information and knowledge, as it is the most important asset of an organization. Information security, legal documentation, trademarks, patents and copyright are some of the traditional and newly evolved concepts. Today everything from design to concept can be patented or protected by legal documentation.

Today companies assess brand value, customer information, internal customer satisfaction reports, and past and present client information before handing over non-public information to vendors, such as credit card details, bank information, and even the addresses and phone numbers in mailing and calling lists. (PCI DSS Requirement 12.8 similarly requires covered entities to maintain a list of service providers with whom cardholder data is shared.) To back up the institution's vendor risk assessments in conversations with regulators and auditors, it is also helpful to keep on hand files containing due diligence and audit reports on the vendors, or summaries of such reports.

Vendor risk management is a process in which organizations carry out their analysis not only from the point of view of past experience but also on a case-by-case basis that can be particular to the partnership. This is particularly important for companies that engage in data sharing and the outsourcing of business functions and processing. Vendor risk management is a standard practice today and has matured to an extent where some leading financial industry groups such as BITS have standardized the process significantly through their Standard Information Gathering (SIG) and Agreed Upon Procedures (AUP) standards. The use of these standards or their derivatives helps organizations quantify the risk that may be involved with their vendors and then incorporate appropriate risk-reduction techniques and measures to alleviate the risk.

The vendor risk management process helps organizations operate in a mutually secured environment that encompasses the security of the organization's information, customer data and the third-party vendor's operational security. It does not eliminate, but certainly minimizes, the security concerns involved in third-party production of goods and services, processing of information, and handling of data and processes. It also enables third-party vendors to draw a boundary for their employees, on the basis of certain legal or agreed points, within which they have to deliver and work. So it mutually benefits the principal organization and the vendor, creating a secured platform of operation where both can deliver excellent products or services to their customers or interest groups.