The quest to identify and address risks in someone else's software product is not for the faint of heart! It requires close coordination, cooperation and, ultimately, consent from your business partners - both inside and outside of your organization. How do we standardize an approach to managing software supply chain risks that is both reasonable and fair to our suppliers - and to the business units that rely on them - without compromising on security or exposing our organization to unacceptable risks?
In this session you will learn:
- How to achieve and formalize internal consensus about your organization's risk tolerance for third-party software
- How to tailor diligence approaches to that level of risk tolerance
- How to avoid the traps of exceptions and risk acceptances
Max Kovalsky - Grant Thornton
Gregory Rick - Nationwide