Step 1: Identify the service providers
Think about all the ways money flows in and out of the company. Those flows of money are typically going to or through service providers that your company depends on.
Some examples of service providers:
Step 2: Prepare a risk profile for each service provider
Disruptions caused by a service provider can result in significant and unexpected harm to your company.
To identify and quantify these risks, print out and fill out the Service Provider Risk Profile form (later in this document), once for every service provider. A sample filled out risk profile form is also included in this document.
Explanation of the fields:
Step 3: Analysis and Actions
A set of service provider risk profiles gives you a starting point for broader conversations at your company:
Step 4: Update the risk profiles yearly
Creating risk profiles isn’t a one time thing. We’ve found the need to update our risk profiles yearly. How often you need to do so depends on the rate at which your company evolves.
We’ve had to update our risk profiles when:
Identified Risks (describe type of risk and risk level)