Virtual Cyber & Technology Risk Management Forum

First page Table of contents Previous page 45 Next page Last page

• NOTE: there is NO guidance, standard, or baseline for creating the # of vendor levels • Regulatory guidance states to perform ongoing management (contract review, due diligence) for “critical” vendors • SBS uses 4 Vendor Levels o Critical (Level 1) o Significant (Level 2) o Non-Essential (Level 3) o Exempt (Level 4) • https://sbscyber.com/resources/vendor-management-how-should-i- categorize-my-vendors Determine How Many Levels

© 2020 SBS CyberSecurity, LLC www.sbscyber.com

23

Made with FlippingBook Publishing Software