BANGALORE: As enterprises increasingly rely on cloud service providers and other vendors to deliver fundamental services, the related risk becomes more significant.
Global IT association ISACA has released a guide that applies the internationally accepted COBIT 5 governance framework to help enterprises manage vendors effectively.
The significance of managing vendors and mitigating the related risks became evident in the recent massive security breach at Target, the third-largest U.S. retailer.
Hackers stole millions of credit and debit card records, as well as personal information, including postal and e-mail addresses and phone numbers, belonging to about 70 million Target customers.
The hackers broke into Target's payments network by first breaching a data connection between the retailer and its HVAC (heating, ventilation, and air conditioning) vendor, Fazio Mechanical Services, which the vendor used for billing Target and exchanging contract and project management information with the retailer.
Vendor Management: Using COBIT 5 delivers practical action items for all stakeholders involved in the vendor-management process, from the board and C-level executives to the legal department and IT. It outlines:
- Life cycle stages and stakeholders
- Good practices to manage threats and risk
- How to manage a cloud service provider
- Practical service level agreement (SLA) templates, checklists and examples (available for download in an online toolkit)
- A case study outlining the consequences of ineffective vendor management
- A high-level mapping of COBIT 5 and ITIL V3 for vendor management