| The process and the activities involved in risk | | | | There is now an emerging trend in the business |
| management can become tedious and | | | | community where a formal group of business |
| complicated. However, if we consider the potential | | | | organizations have recently come up with their |
| losses and impact that a negative business | | | | standard provider threat evaluation program. The |
| scenario brings to the company, then we can | | | | general idea of this new approach is for all the |
| easily appreciate the immediacy and importance | | | | member companies to select providers from their |
| of comprehensive vendor risk assessment | | | | pool of accredited service providers and use a |
| program. On a positive note, companies can now | | | | single instrument in assessing the business threats |
| avail of new approaches in evaluation of business | | | | of a particular outsource proposal. |
| threats using automated and simplified techniques. | | | | This setup provides synergy in the way member |
| We may put the blame on provider threat | | | | organizations are able to make their final |
| evaluation concerns for all the mounting | | | | evaluation and evaluation of a particular service |
| paperwork that the company must handle in the | | | | provider as they can share information and |
| conduct and management of an effective and | | | | consult among themselves for a particular |
| productive provider-buyer relationship. These are | | | | business threat concern on a member company. |
| the necessary evils that the organization must live | | | | This expedites the entire evaluation process and |
| with in order to manage the threats that such | | | | broadens the scope by which an evaluation is |
| outsourcing activity brings to the business | | | | going to be based. |
| organization. | | | | In retrospect, we can consider this as a very |
| For those who are involved in the business | | | | promising approach which can be adopted by |
| activities relating to transactions with an external | | | | other companies who are facing the same issues |
| provider, it is essential that decisions and actions | | | | and concerns. Such motivation to group and share |
| are understood and supported. Be that as it may, | | | | information and resources in order to manage the |
| one must prepare at all times as such threat | | | | possible threats that an outsourcing job may bring |
| evaluation can be a very complicated and | | | | to a company, may even bring fierce competitors |
| stressful undertaking especially for those given | | | | together in a group in order to come up with a |
| the unenviable responsibility of implementing one. | | | | more relevant and effect business threat |
| The questionnaire aspect, though considered by | | | | evaluation program for their respective |
| many as one of the more challenging part of the | | | | companies. This is akin to getting in bed with your |
| task, has significant importance in meeting the | | | | enemies. Yet, if we consider the benefits that a |
| overall objective of the provider threat evaluation | | | | company gets in such an arrangement, most will |
| undertaking. What makes the job doubly difficult is | | | | definitely embrace this approach as we all agree |
| the failure by information security specialist in | | | | that there is power in numbers. A company can |
| paving the way for a more efficient way of | | | | achieve more through the extended support of |
| assessing programs involving security, information | | | | an organization that exist for a common concern |
| and systems. | | | | and motivation of member companies. |