Eliminating Blind Spots in Vendor Risk Management

This white paper discusses the challenges and changes in vendor and supply chain risk management, particularly in light of the disruptions caused by the year 2020. It outlines the historical context of risk management in personal and professional relationships, emphasizing the importance of trust and dependability in business partnerships. The document details the inadequacies of traditional compliance assessments, such as SOC 2 and ISO certifications, in addressing specific supply chain risks. It highlights the emergence of the SOC for Supply Chain report, introduced by the AICPA, as a solution to provide relevant information for managing supply chain risks. This report aims to fill the gaps left by previous compliance frameworks, offering a more comprehensive evaluation of vendors, including those that produce goods and software. The white paper concludes by advocating for a more robust risk management approach that includes independent third-party assessments to enhance the reliability of vendor information.