Vendor and SLA audit are usually part of internal audit programme. In SEE countries supplier relationships, selection process, performance and compliance are regulated in financial/banking sector.
Depending on the framework/controls used by customer and supplier we provide detailed reports on vendor or SLA audit. Report methodology includes:
- Obligatory controls from ISO27001
- Control goals and management practice from COBIT5 APO9 and APO10 processes
- Vendor management using COBIT5 good practice (includes high level mapping for ITIL v3)
- NIST/ENISA based cyber processes
- Other methodologies and frameworks required by customer.