How often does procurement include cyber risk assessment requirements in their engagement requests?

Third Party Risk Management (TPRM)Security Strategy & Roadmap

Always17%

Often40%

Sometimes26%

Rarely13%

Never1%

Not sure

423 PARTICIPANTS

3.1k views1 Comment

Sort by:

CTO2 years ago

It depends on the size of the business. In my experience, most of the publicly listed companies' procurement team will have this requirement as part of due diligence of vendor onboarding process.

For private companies, it depends on the size and agility of the business that matters the most.

Another driver for this requirement comes from regulatory compliance side and that too depends on which sector the company is operating.

Content you might like

We implemented Oracle HCM recently including Redwood. Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

I'm looking for an open-source IGA solution, has anyone had any experience they can share?

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

I'm interested in understanding how your organizations estimate the complexity of digital initiatives, particularly as a basis for applying appropriate project management governance. In other words, how do you assess initiative complexity in order to determine the level or type of governance needed?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%