For reasons such as rising costs and developing technology, a growing number of institutions carry out some or all of their activities through services they receive from vendors (service organizations, external service providers, support service organizations, technology companies such as FinTech, InsurTech and RegTech, etc.). This situation highlights what institutions expect from vendors in meeting their business needs, the requirements for improving the related processes, and the assurance activities that should be carried out to meet these expectations.
Below are the services we offer to help service recipients improve their information technology vendor risk management and governance structure, and to help service providers improve the relevant processes:
- Evaluation, creation and improvement of vendor risk management and governance structure
- Evaluation, design and improvement of vendor management processes and controls in line with good practices, internationally accepted frameworks and standards, and legislation
- Determining the roles and responsibilities of vendors in processes such as governance, operation, security and continuity regarding information technologies
- Evaluation of process maturity levels related to vendor management, comparison of maturity levels and preparation of an improvement roadmap
- Evaluation, creation and improvement of the supply model (internal source / outsource, cloud, etc.) and supply / vendor inventory
- Evaluation, creation and improvement of the Vendor Management Plan
- Risk analysis and technical evaluation of vendors
- Evaluation, design and improvement of vendor quality and performance management processes and controls in line with good practices, internationally accepted frameworks and standards, and legislation
- Determination of vendor service levels (SLA)
- Evaluation, design and improvement of processes and controls regarding the services provided by vendors in line with good practices, internationally accepted frameworks and standards, and legislation
- Conducting audits in line with local and international standards such as GDS 3402, ISAE 3402, SOC 1, SOC 2 and SOC 3 etc. for assurance needs regarding the services provided by vendors
- Auditing in line with contractual requirements regarding the services provided by vendors
- Providing evaluation and selection support for vendors
- Providing selection, installation and management support for the systems, applications and tools used in information technology processes, business processes and corporate support processes, and for related services (ITSM, SIEM, demand and change management, asset management, license management, backup, security etc. systems; operational systems where main activities are carried out; accounting, human resources and purchasing systems)