Vendor Management
Questi contenuti non sono ancora disponibili nella tua lingua.
Prerequisites
Section titled “Prerequisites”- Security questionnaire, DPA template, risk categorization.
- Evaluate: security posture, certifications, data flows, retention, and exit.
- Contract: DPA/SCCs, breach SLAs, subprocessor disclosures.
- Onboard: least-privilege access, key management, logging.
- Review: annual risk review, usage, costs, and alternatives.
- Offboard: revoke access, export data, confirm deletion.
Validation
Section titled “Validation”- Vendors have required controls; access and cost are right-sized.
Troubleshooting
Section titled “Troubleshooting”- Shadow tools: centralize procurement and SSO.
Time/Impact
Section titled “Time/Impact”- 2–6 weeks depending on risk. Reduces exposure and surprises.