3rd Party Risk Management

Vendor Risk Assessment: Essential Components

ComAir's Ramon Lipparoni on Steps to Mitigate Vendor Risks
Vendor Risk Assessment: Essential Components
Ramon Lipparoni, IT Integration manager at ComAir.

Vendor risk management is becoming far more critical as companies in all sectors rely more on partners who have access to payment card data and other sensitive information, says Ramon Lipparoni, IT integration manager at ComAir, a South African airline. One critical step, he says, is conducting impromptu vendor audits.

"We're starting to have to manage our vendors a little bit more effectively with a little bit more vigilance around how vulnerable their systems are outside of our environment," Lipparoni says in an interview with Information Security Media Group. That includes scrutinizing the risk components of every vendor, including their PCI compliance, he says.

Impromptu audits are particularly valuable in assessing the security of vendors, he stresses. "You can learn a lot by visiting the vendor's location," he says. "From time to time we like to go out and do an impromptu audit and interact with them." He suggests creating a vendor-specific questionnaire for these audits.

Lipparoni was a speaker at PCI's Cape Town summit.

In this interview (see audio link below photo), Lipparoni also discusses:

  • The importance of network segmentation;
  • How to grant third-party vendors appropriate access to corporate systems;
  • The technologies that can be used to manage vendor risks.

Lipparoni is the IT integration manager with ComAir. He has been in the IT business for the past 20 years. He has specialized in core business management and integration's management arena, focusing on a multifaceted business portfolio including ERP, business logistics, design and implementation management and international applications development.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.