DS2 Manage Third-party Services

by Bill Oxley

CobiT definition:

The need to assure that services provided by third parties (suppliers, vendors and partners) meet business requirements requires an effective third-party management process. This process is accomplished by clearly defining the roles, responsibilities and expectations in third-party agreements as well as reviewing and monitoring such agreements for effectiveness and compliance. Effective management of third-party services minimises the business risk associated with non-performing suppliers.

Control over the IT process of
Manage third-party services

that satisfies the business requirement for IT of
providing satisfactory third-party services whilst being transparent about benefits, costs and risks

by focusing on
establishing relationships and bilateral responsibilities with qualified third-party service providers and monitoring the service delivery to verify and ensure adherence to agreements

is achieved by

  • Identifying and categorising supplier services
  • Identifying and mitigating supplier risk
  • Monitoring and measuring supplier performance

and is measured by

  • Number of user complaints due to contracted services
  • Percent of major suppliers meeting clearly defined requirements and service levels
  • Percent of major suppliers subject to monitoring

Control objectives:

DS2 Manage Third-party Services

DS2.1 Identification of All Supplier Relationships
DS2.2 Supplier Relationship Management
DS2.3 Supplier Risk Management
DS2.4 Supplier Performance Monitoring

Check out the links for details on the control objectives.
