The client for this engagement is currently in the ASX top twenty with global operations and a complex supplier network.
One of the key strategy items of the client’s head of security was to gain stricter control of their vendor relationships. Until that point, there was a strong focus on a limited number of high-risk suppliers, and the only assurance carried out was following an incident or a near miss.
elevenM delivered a review of the existing vendor management procedures and reported back to the client on areas for potential uplift. This then led to the development of a holistic yet practical NIST-based vendor management framework.
elevenM carried out the following activities:
- A current state review against good practice
- Development of a roadmap to lift the maturity
- Development of corporate policies relating to vendor management
- Development of a vendor risk tiering model
- Development of a set of NIST-based vendor assessments aligned to the policies
- Development of vendor risk reporting