
Developing an Effective Vendor Risk Management Strategy


Effective Vendor Risk Management revolves around ensuring that third-party vendors implement clear and comprehensive controls across their environment in order to minimise risk for their clients.

In order to gain real value from a Vendor Risk Management strategy, the CIO (or the person in his/her team responsible for managing information security between the organisation and the vendors) must ensure the right controls are in place – identifying any deficiencies and driving forward remedial actions (before anything goes seriously wrong).

Although vendors may have clear contractual obligations relating to the services they are required to deliver, it’s vital that they are both aware of, and focused on, the controls environment within which they must deliver them.

A successful Vendor Risk Management strategy can be the vehicle that keeps vendors focused on controls, which are the only factor that can reduce risk in the first place.

From establishing an organisation-wide Governance Framework, to identifying medium and high risk vendors based on the maturity of their controls in order to prioritise action with them, our whitepaper ‘Building a Vendor Risk Management Practice that delivers real value’ offers a complete five step process for programme managers and a number of practical “do’s and don’ts” derived from real field experience to effectively address vendor risk across the entire organisation:

  1. Building a clear Governance Framework from the start
  2. Building & Maintaining a full Vendor Inventory
  3. Classifying Vendors based on Business Relevance
  4. Mapping Vendors on a Controls Maturity Map
  5. Building a Programme of Work highlighting High and Medium Risk Vendors based on the results of the Controls Maturity Map

Click the link to download our complete whitepaper ‘Building a Vendor Risk Management Practice that delivers real value’.


Corix Partners is a Boutique Management Consultancy firm, with over 20 years of real world experience in the information security sector. We specialise in assisting CIOs and other C-level executives in resolving matters of Security Strategy, Organisation and Governance challenges. Contact us today to see how we can help to build a secure future for your business.