
Created by Venkat Pothamsetty, Modified on Mon, 30 Jun at 12:53 PM by Venkat Pothamsetty

Critical Vendor Policy - Korr

Purpose

This policy establishes requirements and guidelines for managing critical vendor relationships, with a specific focus on AWS as Korr's primary cloud infrastructure provider. It aims to ensure business continuity, risk management, and vendor performance monitoring.

Scope

This policy applies to vendors deemed critical to Korr's core business operations, particularly AWS cloud services.

Policy Owner

The DevOps/Security team owns this policy and is responsible for its maintenance and enforcement.

Critical Vendor Definition

A critical vendor is one whose services are essential to Korr's core business operations and whose disruption would significantly impact business continuity.

Current Critical Vendors

Vendor | Service                         | Criticality | Risk Level
AWS    | Cloud Infrastructure & Services | Critical    | High

AWS Vendor Management Requirements

  1. Service Level Agreements (SLAs)

    • Monitor AWS service availability and performance
    • Track compliance with agreed-upon SLAs
    • Regular review of service metrics
    • Document and escalate SLA violations
  2. Risk Assessment

    • Annual risk assessment of AWS services
    • Review of AWS security controls
    • Evaluation of business impact scenarios
    • Documentation of risk mitigation strategies
  3. Business Continuity

    • Maintain disaster recovery plans
    • Regular testing of failover procedures
    • Documentation of recovery processes
    • Review of AWS backup solutions
  4. Performance Monitoring

    • Regular review of AWS service metrics
    • Cost optimization analysis
    • Resource utilization tracking
    • Incident response effectiveness
  5. Compliance Requirements

    • Monitor AWS compliance certifications
    • Review security assessment reports
    • Track regulatory requirements
    • Document compliance gaps

Vendor Review Process

  1. Quarterly Reviews

    • Service performance analysis
    • Cost review and optimization
    • Security assessment
    • Compliance status
  2. Annual Assessment

    • Comprehensive risk review
    • Business impact analysis
    • Contract evaluation
    • Relationship assessment

Documentation Requirements

  • Vendor agreements and contracts
  • Performance metrics and SLA reports
  • Risk assessment findings
  • Incident reports and resolutions
  • Compliance documentation

This policy will be reviewed annually and updated based on business needs and industry best practices.
