Vendor Risk Assessment Matrix

If you’re looking to effectively manage supply chain security risks, this is your essential tool. It categorizes vendors into low, medium, and high risk using a simple triaging process, guiding the assessment frequency and method. It covers various assessment types, including self-attestation, third-party assessments, OSINT/scoring, technical assessments, validated assessments, and onsite evaluations. It highlights key considerations such as data confidence, assessment constraints, and vendor participation, providing a comprehensive framework for effective vendor risk management.

This cheat sheet supports the content taught in SEC547 Defending Product Supply Chains and was created by Tony Turner.

August 6, 2024