CobiT definition:
The need to assure that services provided by third parties (suppliers, vendors and partners) meet business requirements requires an effective third-party management process. This process is accomplished by clearly defining the roles, responsibilities and expectations in third-party agreements as well as reviewing and monitoring such agreements for effectiveness and compliance. Effective management of third-party services minimises the business risk associated with non-performing suppliers.
Control over the IT process of
Manage third-party services
that satisfies the business requirement for IT of
providing satisfactory third-party services whilst being transparent about benefits, costs and risks
by focusing on
establishing relationships and bilateral responsibilities with qualified third-party service providers and monitoring the service delivery to verify and ensure adherence to agreements
is achieved by
- Identifying and categorising supplier services
- Identifying and mitigating supplier risk
- Monitoring and measuring supplier performance
and is measured by
- Number of user complaints due to contracted services
- Percent of major suppliers meeting clearly defined requirements and service levels
- Percent of major suppliers subject to monitoring
Control objectives:
DS2 Manage Third-party Services
DS2.1 Identification of All Supplier Relationships
DS2.2 Supplier Relationship Management
DS2.3 Supplier Risk Management
DS2.4 Supplier Performance Monitoring
Check out the links for details on the control objectives.