The client for this engagement is currently in the ASX top twenty with global operations and a complex supplier network.


One of the key strategy items of the client’s head of security was to gain stricter control of their vendor relationships. Until that point, there was a strong focus on a limited number of high-risk suppliers, and the only assurance carried out was following an incident or a near miss.

Our role

elevenM delivered a review of the existing vendor management procedures and reported back to the client on areas for potential uplift. This then led to the development of a NIST-based vendor management framework that is holistic yet practical.

The specifics 

elevenM carried out the following activities:

  • A current state review against good practice
  • Development of a roadmap to lift the maturity
  • Development of corporate policies relating to vendor management
  • Development of a vendor risk tiering model
  • Development of a set of NIST-based vendor assessments aligned to the policies
  • Development of vendor risk reporting