In the definition of operational risk above, supplier management risk was listed as a
key operational risk. Technology suppliers pose very difficult operational risks due
to the reliance firms have on technology as a whole. Key questions to ask are:
• Does the third party have a security policy?
• Does the policy describe organizational measures to safeguard the security of
information and service provision on behalf of its clients?
• Do suppliers have business recovery plans?
• Are there any service level agreements (SLAs) in place?
Some lessons can also be learnt in relation to questions often asked of risk
management systems suppliers during the process of evaluation:
• Do you support all versions of your software or only the current and previous
version?
• How many people do you employ?
• What are your growth plans in terms of headcount over the next three years?
• How reliant are you on the performance of third-party suppliers?
In reality the last question is never-ending, as you could go on to ask how reliant
the third party is on its own third parties.