Global IT association ISACA has released a new guide applying the internationally accepted COBIT 5 governance framework to help enterprises effectively manage vendors.
Vendor Management: Using COBIT 5 provides practical action items for all stakeholders involved in the vendor-management process, from the board and C-level executives to the legal department and IT. It outlines:
- Life cycle stages and stakeholders.
- Good practices to manage threats and risk.
- How to manage a cloud service provider.
- Practical service level agreement (SLA) templates, checklists and examples (available for download in an online toolkit).
- A case study outlining the consequences of ineffective vendor management.
- A high-level mapping of COBIT 5 and ITIL V3 for vendor management.
Nikolaos Zacharopoulos, CISA, CISSP, senior IT auditor at Deutsche Post DHL and member of ISACA’s Guidance and Practices Committee, said: "Recent research from the IT Policy Compliance Group reveals that approximately one out of five enterprises does not invest sufficient effort to manage vendors and vendor-provided services effectively.
"This means that enterprise requirements and standards are not properly incorporated into vendor contracts, ownership of information being handled by vendors remains unclear, and access to information is not guaranteed if the vendors go out of business."