Stratifying vendors by risk – please oh please, apply this to your application portfolios and our immensely interwoven world

One exciting area I have been digging into is the mixing of risk management and application portfolio development. As we see greater and greater abstraction of services (software eating world), we also have an ever increasing dependency on a multitude of developers, service providers, start-ups, legacy tech companies, and many other institutions.

If you are in application development and list of the pipeline deployment technology and all of the interacting systems, you’ll easily list out 30+. Each of these have the potential of impacting your business, your customer experience, and ultimately your viability as a product.

I found this third party risk management point of view to be insightful (full transparency, I work for this firm), and recommend a review from the application perspective. It is dated, but insightful. I particularly like the risk stratification highlights on page 7 that include:

Service Risks:

  1. Volume of transactions
  2. Concentration associated with service
  3. Sensitivity risk of the data vendor has access
  4. Compliance & regulatory risks
  5. Customer & financial impact

Vendor Risks:

  1. Location of vendor (privacy impacts)
  2. Previous data or security breaches
  3. Extent of outsourcing performed
  4. Performance history

Read more here

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s