GRCBUS

Get compliant, stay compliant
Vendor Management Audits & Services
 
Supply chains, whether for products or services, are longer than ever and increasingly span the globe. While a customer organization may not even know all the players in a complex supply chain, it remains responsible for all regulatory compliance and governance, as well as the financial and reputational risks arising from any inappropriate handling of information, theft, disclosures or abuses.
 
GRCBUS offers a comprehensive oversight and audit program to help you manage your service provider vendor relationships. We provide a point-in-time review or audit to baseline the status of a vendor, or an on-going vendor management service to ensure the vendors perform as expected every day. Often, both services are combined: first baseline the vendor, then get remediation executed by the vendor, and then monitor on-going compliance.
 
 
How does it help you? 

Your business may operate in one country or multiple countries. You are responsible for complying with all the regulations that apply to you in each of these countries. They cover Financial Reporting (e.g. SOX), Protected Health Information (PHI - HIPAA), Credit Card Security (PCI DSS) and Data Privacy (GLBA, SB 1386). Similarly, you may follow governance standards such as COBIT, ITIL, ISO 27001, SEI CMM, OWASP, PMBOK, Prince2 and others in different areas of your technology operations. Whether you comply with these or not really depends on whether your vendors have the process maturity to comply with these regulations and frameworks.
 
Then you have SAS-70 (type I and II), which is explicit guidance for service providers who service a US corporation. If they don't comply, you are out of compliance.
 
How do you know that your vendors understand all this and have the process maturity to comply, and that your sensitive data, third-party obligations, business secrets and reputation are in safe hands 24x7?

 
Our Vendor Management Audit & Services Program

Each of our specialists brings 20 to 30 years of experience in setting up and running service provider operations in the IT industry. They also bring specialized knowledge and certifications in IT Governance, Security, Auditing and related areas. Having run very large global, offshore programs with multi-million dollar budgets, a resource base of 100 to 1200 and program durations of five years or more, we understand the nuances and the gaps through which things can fall, and we know how to protect your business from these risks. Very strong process expertise, coupled with regulatory, security and framework expertise, allows us to design and deliver a set of services that will provide the assurance you need on your vendor performance.