Third Party entities improvement #1450
Labels
enhancement
New feature or request
Comments
ab-smith
added
enhancement
|
great inputs @ArchdukeNavaron , thank you!
|
|
@ab-smith on the Entities overview, there is information whether or not this entity is built into CISO Assistant. Because if it is only one or so, I think it should just be removed, because in most cases, it will not be a built-in entity.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be nice if you could document the address of the HQ so that you can easily get an overview of your vendors' current geographic situation.
Allow the configuration of relationships between entities so that you can document sub-processors.
Additionally, it would be nice if you could configure multiple Entities to provide the same solution.
E.g., you could have multiple S3 providers.
Currently, it is impossible to configure a solution that multiple entities can provide.
Allow configuration of recurring audits.
For example, according to ISO27001, you should assess your Third-Party Vendors regularly to check if they are still compliant with your requirements.
Remove the built-in info because, in 99.9% of cases, it does not provide useful information to the user.
Make it dynamic? (when it is built-in, add this information; otherwise, remove it)
Provide information about associated risks on the entity page.
Whenever you create a risk assessment for a vendor's solution, you will most likely end up with some accepted risks.
Therefore, the present and accepted risks should be clearly visible on the entity page.
Consider introducing compliance and risk information on the entity list.
This would also improve the general overview of the current status of your vendors.
The text was updated successfully, but these errors were encountered: