Vendor management is a growing concern in today’s IT and enterprise environments. Increased regulatory scrutiny of third parties brings additional overhead for organizations that may not be able to adequately assess the risk of these relationships. Not only must third parties be considered; it is now also important to evaluate their subcontractors, also known as fourth-party relationships. How far down the supply chain must you consider the risk? Furthermore, examiners have different expectations depending on the regulatory requirements that apply to your environment, including:
- SOC 2 (SSAE 18)
- HIPAA / HITECH
- FDA 21 CFR Part 11
- European Union’s General Data Protection Regulation (GDPR)
- New York State’s Cybersecurity Regulations
- Singapore’s Computer Misuse and Cybersecurity Act

Our team has helped many organizations navigate the increasingly complex world of vendor management. For some of our clients, we have helped build comprehensive programs to evaluate these relationships, as well as to complete the assessments of vendors and partners. For other clients, we’ve assisted with creating reports that can be provided to vendors and partners to define the controls within the environment and show that these have been adequately tested by an unbiased third party. No matter which side of the relationship you find yourself on, we can help.