ISACA guidance on managing vendors using COBIT 5

Guide provides sample SLAs, case studies and mappings.

As enterprises increasingly rely on cloud service providers and other vendors to provide fundamental services, the related information security risks become more significant - as recent heavily publicised data breaches show quite clearly. To help, global IT association ISACA has released an informative and practical guide that applies the internationally accepted COBIT 5 governance framework to assist enterprises in effectively managing vendors.


Vendor Management: Using COBIT 5 provides practical action items for everyone involved in the vendor-management process, from the board and C-level executives to the legal and IT departments. It outlines:
· Life cycle stages and stakeholders
· Good practices to manage threats and risk
· How to manage a cloud service provider
· Practical service level agreement (SLA) templates, checklists and examples (available for download in an online toolkit)
· A case study outlining the consequences of ineffective vendor management
· A high-level mapping of COBIT 5 and ITIL V3 for vendor management


“Recent research from the IT Policy Compliance Group reveals that approximately one out of five enterprises does not invest sufficient effort to manage vendors and vendor-provided services effectively,” said Nikolaos Zacharopoulos, CISA, CISSP, senior IT auditor at DeutschePost-DHL and member of ISACA’s Guidance and Practices Committee. “This means that enterprise requirements and standards are not properly incorporated into vendor contracts, ownership of information being handled by vendors remains unclear, and access to information is not guaranteed if the vendors go out of business.”


The ISACA publication emphasises that IT vendor management is not solely IT’s responsibility, and clarifies the responsibilities of stakeholders within the enterprise.

“As companies worldwide are turning toward fewer—but much more integrated—vendors, they are benefiting from a single point of contact. However, they are simultaneously increasing risk to the enterprise, and that risk needs to be managed rigorously by all stakeholders,” said Zacharopoulos. “The COBIT 5 framework provides tested guidance to help them effectively govern these relationships so they deliver maximum value with minimum risk.”
