ISACA unveils COBIT 5 Framework for vendor management

MUMBAI, INDIA: ISACA has released a guide applying the internationally accepted COBIT 5 governance framework to help enterprises effectively manage vendors. As enterprises increasingly rely on cloud service providers and other vendors to provide fundamental services, the related risk becomes more significant.

The importance of managing vendors and mitigating the related risks became evident at the recent massive security breach that took place at Target, the third-largest US retailer.

"With India being among the favoured IT/ITES outsourcing destination, there are often client concerns around managing vendors and vendors' understanding on client expectations regarding value and risk management in outsourced IT/ITES services and solutions. The ISACA publication provides highly usable insights into the various IT governance dimensions of understanding, governing and managing value and risk surrounding vendor relationships," said Vittal Raj, International VP of ISACA.

Hackers stole about millions of credit and debit card records, as well as personal information, including postal and e-mail addresses and phone numbers, belonging to about 70 million customers of Target.

The hackers managed to break into the payments network of the Target by initially breaching a data connection between the retailer and its HVAC (heating, ventilation, and air conditioning) vendor, Fazio Mechanical Services, which the latter used for billing Target and exchanging contract and project management information with the retailer.