ISACA helps enterprises manage vendors using the COBIT 5 Framework

As enterprises increasingly rely on cloud service providers and other vendors to provide fundamental services, the related risk becomes more significant. Global IT association ISACA has released a new guide applying the internationally accepted COBIT 5 governance framework to help enterprises effectively manage vendors.

  • 11 years ago Posted in

Vendor Management: Using COBIT 5 provides practical action items for all stakeholders involved in the vendor-management process, from the board and C-level executives to the legal department and IT. It outlines:
· Life cycle stages and stakeholders
· Good practices to manage threats and risk
· How to manage a cloud service provider
· Practical service level agreement (SLA) templates, checklists and examples (available for download in an online toolkit)
· A case study outlining the consequences of ineffective vendor management
· A high-level mapping of COBIT 5 and ITIL V3 for vendor management


“Recent research from the IT Policy Compliance Group reveals that approximately one out of five enterprises does not invest sufficient effort to manage vendors and vendor-provided services effectively,” said Nikolaos Zacharopoulos, CISA, CISSP, senior IT auditor at DeutschePost-DHL and member of ISACA’s Guidance and Practices Committee. “This means that enterprise requirements and standards are not properly incorporated into vendor contracts, ownership of information being handled by vendors remains unclear, and access to information is not guaranteed if the vendors go out of business.”


The ISACA publication emphasizes that IT vendor management is not solely IT’s responsibility, and clarifies the responsibilities of stakeholders within the enterprise.


“As companies worldwide are turning toward fewer—but much more integrated—vendors, they are benefiting from a single point of contact. However, they are simultaneously increasing risk to the enterprise, and that risk needs to be managed rigorously by all stakeholders,” said Zacharopoulos. “The COBIT 5 framework provides tested guidance to help them effectively govern these relationships so they deliver maximum value with minimum risk.”
Vendor Management: Using COBIT 5 and a related online tool kit are available at www.isaca.org/vendor-management. ISACA members can download the ebook and tool kit free of charge. The COBIT 5 framework publication is available as a free download at www.isaca.org/cobit.
 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Palo Alto Networks has introduced Prisma® Cloud 3.0, said to be the industry’s first integrated...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...