Cyber security organization has the highest responsibility in ensuring that there are no risks and threats by engaging third-party vendors who provide services or products to the organization.
It is the responsibility of the cyber security organization to ensure that every vendor who may have access to the Organization’s Information, either physically, logically, directly, indirectly or remotely are subjected to the vendor risk assessment process and put under the vendor governance program.
The Vendor Governance program will be discussed in detail in a separate post. As with governing the Information security, vendors need to be continually monitored for the possible risks to the Organization.
Leave a Reply