Developing New Framework for Vendor Risk Assessment by Comparative Analysis

Authors

  • Akilnath Bodipudi, Cyber Merger and Acquisition, Sr Security Engineer, Common Spirit Health, Salt Lake City, Utah, USA

DOI:

https://doi.org/10.47363/JMCA/2024(3)186

Keywords:

Vendor Risk Assessment, NIST SP 800-161, ISO 27001, SIG, Risk Management, Supply Chain Security, Regulatory Compliance, Industry-Specific Frameworks

Abstract

Vendor risk assessment is a critical component of comprehensive risk management strategies, particularly in an era characterized by complex supply chains and increasing reliance on third-party vendors. This paper provides a comparative analysis of prominent vendor risk assessment frameworks, including NIST SP 800-161, ISO 27001, and the Shared Assessments Program’s Standardized Information Gathering (SIG) questionnaire. By evaluating these frameworks against key criteria such as comprehensiveness, scalability, regulatory compliance, and ease of implementation, this study identifies their respective strengths and weaknesses. Furthermore, the paper explores the development of a tailored vendor risk assessment framework designed to address the unique challenges and requirements of specific industries. Through case studies and expert interviews, the proposed framework is tested and validated to ensure its effectiveness in mitigating vendor-related risks while enhancing overall organizational resilience.

Author Biography

  • Akilnath Bodipudi, Cyber Merger and Acquisition, Sr Security Engineer, Common Spirit Health, Salt Lake City, Utah, USA

Published

2024-03-25