2019 Whitepaper SME review: Vendor Risk Management

ISACA is looking for volunteers with experience in risk and vendor risk management to provide subject matter expert (SME) review feedback on a sponsored whitepaper on the topic of Vendor Risk Management which will address the following:

1. Introduction
2. Definitions
3. Governance
1. Roles
2. Organizational procurement
1. Contracting
4. Risk Assessment
1. Vendor triage
2. Vendor control assessments
5. Risk Analysis
1. Scenario development
2. Cyber Risk Quantification (CRQ)
3. Risk Rating Assignment
4. Risk-based capital exercises
6. Post assessment follow up and monitoring
1. Closeout activities
2. Issue management
3. Risk governance committee/Board reporting
4. Ongoing monitoring activities and cadence

Anticipated outcomes:

• A SME reviewed whitepaper which explains the need for a risk management process when engaging with vendors and third parties.
• Accepted Subject Matter Experts will receive the draft white paper for review by May 24, 2019 via email and must submit comments/edits using MS Word by June 7th.

Volunteer Criteria:

• Practitioners and leaders in: Information Security, Information Assurance, Privacy, and Compliance.
• ISACA Membership is not required.
• Fluency in reading and writing English.

Volunteer benefits:

• Up to 3 CPE credits (max. 20 annually) in the area of Contributions to the Profession, to be posted upon successful completion of review (if volunteer holds ISACA certification(s).)
• Acknowledgement in the publication and access to the free download.
• Influence content published by ISACA to ensure material is accurate and useful for the professional community.

All volunteers must have an ISACA Participation Agreement on file.  To see if your agreement is active, visit your volunteer profile. Access all volunteer policies here.