Prioritisation of suppliers and other third parties is updated periodically and according to defined triggers, such as system changes and external events
Context and Guidance: The organisation should review prioritisation of third parties to ensure that third parties that pose the greatest risk to the function receive adequate attention. This reevaluation of third-party priority may be driven by a defined timeframe or by defined triggers such as the acquisition of a product from a new vendor or open source information about the financial standing of a company.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: THIRD-PARTIES-1a, THIRD-PARTIES-1b, THIRD-PARTIES-1c, THIRD-PARTIES-1d, THIRD-PARTIES-1e, THIRD-PARTIES-1f.