Traditionally, vendor life cycle management incorporates five primary categories: qualifying, engagement, managing delivery, managing finances, and relationship termination. However, as data breach risk increases, companies need to include reviewing information security as a sixth category in the life cycle. Due diligence during the qualification step incorporates information security management. However, threats evolve continuously meaning that organizations need to review information security over the entire life cycle, not just at a single point.
Login to your subscription to download this template for guidance in auditing vendors.