Vendors Inventory and Attributes - Governance attributes for the Vendors Inventory
Vendors Inventory and Attributes
Chapter 13. Governance attributes for the Vendors Inventory
Governance attributes document the review cadence, governing bodies, and oversight processes that govern each Vendor relationship.
| Attribute Name | Maturity | Description and Notes |
| Review Cadence | Walk | Description — How often this vendor relationship is formally reviewed — including performance assessment, risk reassessment, contract compliance review, and strategic alignment check. Benefit(s) — Ensures governance attention is proportional to vendor importance and risk. Tier 1 vendors warrant quarterly reviews; Tier 4 vendors can be reviewed annually. Source — Manual. Examples — Monthly, Quarterly, Semi-Annual, Annual Notes — Recommended minimum: Quarterly for Tier 1 and Tier 2 vendors; Annual for Tier 3 and Tier 4. Event-driven reassessment is required regardless of scheduled cadence when a vendor experiences a security incident, M&A activity, or material service change. |
| Governing Body | Walk | Description — The internal organizational body or function responsible for approving vendor onboarding, contract renewals, and relationship termination decisions for this vendor. Benefit(s) — Ensures vendor governance decisions are made with appropriate authority and cross-functional input from procurement, legal, finance, information security, and compliance. Source — Manual. Examples — Vendor Governance Board, IT Procurement Committee, Executive Leadership Team, Procurement and Legal (joint approval) |
Copyright for the International Foundation for Information Technology (IF4IT): 2008 - Present
Legal Disclaimers