1) The document proposes a vendor risk rating system to address asymmetric information between clients and vendors in outsourcing services, especially cloud computing.
2) It suggests a rating approach as an alternative to audits and certifications to provide a relative risk level for vendors using fewer resources. Ratings would segment vendors into risk categories to match client needs.
3) The proposed system uses a mixed self-statement and assessment approach to determine ratings, with audits to strengthen monitoring, in order to avoid conflicts of interest from third parties. Service conditions define proper rating system use with penalties for non-compliance.
An overview of the relationships and cash flows in commercial credit transactions, from simple asset purchases to trade financing to commercial construction loans and mortgages.
Market Vista report provides data and analysis highlighting the key trends and developments in the fast-evolving global offshoring and outsourcing market. Market Vista captures the key developments across outsourcing transaction trends, health of Global In-house Centers (GICs), location risks and opportunities, and service provider developments.
This is a partial preview of the document found here:
https://flevy.com/browse/business-document/wireless-spend-sourcing-framework-86
Description:
This presentation is an example of the process taken to execute a strategic sourcing exercise for Wireless spend. The Wireless spend category relates to mobile phone services ( Verizon Wireless, AT&T Wireless).
Three specific ways you can understand customer needs to reduce market risk. Presentation delivered at Society for Petroleum Engineers conference, May 2009.
It gives me immense pleasure to introduce our firm “Riskpro” founded in 2009- a specialized risk management consulting by our Founders who are qualified risk specialists with diverse work experience in India, Middle East, Europe & US across industries & FI’s.
In continuation of our fast growing presence and business trajectory, I would like to welcome you and share towards launch of RiskPro Insurance Risk advisory Services which is an addition to our existing bouquet of Risk advisory , Consulting, Training & Human Capital Services to corporates across India currently being serviced through our multi location delivery locations in major metros with total presence in 11 Indian cities network already. Our dedicated experts team who are qualified seasoned professionals in Insurance industry across diverse business domains with right blend of optimal solutions for high performance business results.
Insurance business , like any other industry has evolved with new business models, government and regulatory changes, increased market players and de-regulation which has impacted functioning of major insurance players (General, Life)to generate business and also adhere to compliances imposed by governing authorities within volatile global paradigm, which necessitates the need for prudent risk management framework in Insurance businesses. Riskpro with its precise risk-reward approach is your ideal partner in de-risking of your insurance business operating model with risk management value proposition for a long-lasting embedded tenet in your business DNA.
Risk Management Service offerings:-
- Risk - Evaluation/Inspection/Audit & Reporting
- Due-Diligence – Current Insurances/Indemnity advisory/Renewals
- Capital Assets Valuation for loss coverage
- Claims Management
- Regulatory Compliances- IRDA/SEBI/ICDR
Key Domain Areas:-
- Property Risk- Physical Assets
- Financial Risk- Monetary Loss
- Liability Risk- Operational Loss
- People Risk- Employees Loss
Please find enclosed our Company brief introduction and services brochure for your kind consideration and give us a chance to be your preferred risk knowledge partners for a mutual alliance.
“We are quoted in recent Economic Times news as among fastest growing risk consulting firms in India.” (Click for more details).
An overview of the relationships and cash flows in commercial credit transactions, from simple asset purchases to trade financing to commercial construction loans and mortgages.
Market Vista report provides data and analysis highlighting the key trends and developments in the fast-evolving global offshoring and outsourcing market. Market Vista captures the key developments across outsourcing transaction trends, health of Global In-house Centers (GICs), location risks and opportunities, and service provider developments.
This is a partial preview of the document found here:
https://flevy.com/browse/business-document/wireless-spend-sourcing-framework-86
Description:
This presentation is an example of the process taken to execute a strategic sourcing exercise for Wireless spend. The Wireless spend category relates to mobile phone services ( Verizon Wireless, AT&T Wireless).
Three specific ways you can understand customer needs to reduce market risk. Presentation delivered at Society for Petroleum Engineers conference, May 2009.
It gives me immense pleasure to introduce our firm “Riskpro” founded in 2009- a specialized risk management consulting by our Founders who are qualified risk specialists with diverse work experience in India, Middle East, Europe & US across industries & FI’s.
In continuation of our fast growing presence and business trajectory, I would like to welcome you and share towards launch of RiskPro Insurance Risk advisory Services which is an addition to our existing bouquet of Risk advisory , Consulting, Training & Human Capital Services to corporates across India currently being serviced through our multi location delivery locations in major metros with total presence in 11 Indian cities network already. Our dedicated experts team who are qualified seasoned professionals in Insurance industry across diverse business domains with right blend of optimal solutions for high performance business results.
Insurance business , like any other industry has evolved with new business models, government and regulatory changes, increased market players and de-regulation which has impacted functioning of major insurance players (General, Life)to generate business and also adhere to compliances imposed by governing authorities within volatile global paradigm, which necessitates the need for prudent risk management framework in Insurance businesses. Riskpro with its precise risk-reward approach is your ideal partner in de-risking of your insurance business operating model with risk management value proposition for a long-lasting embedded tenet in your business DNA.
Risk Management Service offerings:-
- Risk - Evaluation/Inspection/Audit & Reporting
- Due-Diligence – Current Insurances/Indemnity advisory/Renewals
- Capital Assets Valuation for loss coverage
- Claims Management
- Regulatory Compliances- IRDA/SEBI/ICDR
Key Domain Areas:-
- Property Risk- Physical Assets
- Financial Risk- Monetary Loss
- Liability Risk- Operational Loss
- People Risk- Employees Loss
Please find enclosed our Company brief introduction and services brochure for your kind consideration and give us a chance to be your preferred risk knowledge partners for a mutual alliance.
“We are quoted in recent Economic Times news as among fastest growing risk consulting firms in India.” (Click for more details).
Riskpro India is a specialized Risk Management Consulting firm providing risk management advisory, risk trainings, internal audits, forensic accounting, investigations, fraud prevention, process reviews services etc.
Today all organizations are subject to fraud risks. Large frauds have led to the downfall of entire organizations, massive investment losses, significant legal costs, incarceration of key individuals, and erosion of confidence in capital markets, Consequently as part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy to convey the expectations of the board of directors and senior management regarding managing fraud risk.
Knowing present corporate focus and need for improved fraud risk governance & management, we’re pleased to launch our Fraud Risk Consulting services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services. Our services are offered through our multi location delivery centres in major metros with total presence in 11 Indian cities network.
“We are quoted in recent Economic Times news as among fastest
Riskpro India is a specialized Risk Management Consulting firm providing risk management advisory, risk trainings, internal audits, forensic accounting, investigations, fraud prevention, process reviews services etc.
Real estate services involves the purchase, ownership, management, rental and/or sale of real estate for profit. Improvement of realty property as part of a real estate investment strategy is generally considered to be a sub-specialty of real estate investing called real estate development. Real estate is an asset form with limited liquidity relative to other investments. Management and evaluation of risk is a major part of any successful real estate investment strategy where risk occurs in many different ways at every stage of the investment process from sale, purchase, tenancy to market and environmental conditions where one needs a prudent approach for mitigating potential risks in this business for investors, buyers, sellers and vendors.
Basis above backdrop we’re pleased to launch our comprehensive Real estate Risk advisory services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services.
Riskpro India is a specialized Risk Management Consulting firm providing risk management advisory, risk trainings, internal audits, forensic accounting, investigations, fraud prevention, process reviews services etc.
Real estate services involves the purchase, ownership, management, rental and/or sale of real estate for profit. Improvement of realty property as part of a real estate investment strategy is generally considered to be a sub-specialty of real estate investing called real estate development. Real estate is an asset form with limited liquidity relative to other investments. Management and evaluation of risk is a major part of any successful real estate investment strategy where risk occurs in many different ways at every stage of the investment process from sale, purchase, tenancy to market and environmental conditions where one needs a prudent approach for mitigating potential risks in this business for investors, buyers, sellers and vendors.
Basis above backdrop we’re pleased to launch our comprehensive Real estate Risk advisory services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services. Our services are offered through our multi location delivery centres in major metros with total presence in 11 Indian cities network.
Riskpro India is a specialized Risk Management Consulting firm providing risk management advisory, risk trainings, internal audits, forensic accounting, investigations, fraud prevention, process reviews services etc.
Today all organizations are subject to fraud risks. Large frauds have led to the downfall of entire organizations, massive investment losses, significant legal costs, incarceration of key individuals, and erosion of confidence in capital markets, Consequently as part of an organization’s governance structure, a fraud risk management program should be in place, including a written policy to convey the expectations of the board of directors and senior management regarding managing fraud risk.
Knowing present corporate focus and need for improved fraud risk governance & management, we’re pleased to launch our Fraud Risk Consulting services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services. Our services are offered through our multi location delivery centres in major metros with total presence in 11 Indian cities network.
“We are quoted in recent Economic Times news as among fastest
Riskpro India is a specialized Risk Management Consulting firm providing risk management advisory, risk trainings, internal audits, forensic accounting, investigations, fraud prevention, process reviews services etc.
Real estate services involves the purchase, ownership, management, rental and/or sale of real estate for profit. Improvement of realty property as part of a real estate investment strategy is generally considered to be a sub-specialty of real estate investing called real estate development. Real estate is an asset form with limited liquidity relative to other investments. Management and evaluation of risk is a major part of any successful real estate investment strategy where risk occurs in many different ways at every stage of the investment process from sale, purchase, tenancy to market and environmental conditions where one needs a prudent approach for mitigating potential risks in this business for investors, buyers, sellers and vendors.
Basis above backdrop we’re pleased to launch our comprehensive Real estate Risk advisory services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services.
Riskpro India is a specialized Risk Management Consulting firm providing risk management advisory, risk trainings, internal audits, forensic accounting, investigations, fraud prevention, process reviews services etc.
Real estate services involves the purchase, ownership, management, rental and/or sale of real estate for profit. Improvement of realty property as part of a real estate investment strategy is generally considered to be a sub-specialty of real estate investing called real estate development. Real estate is an asset form with limited liquidity relative to other investments. Management and evaluation of risk is a major part of any successful real estate investment strategy where risk occurs in many different ways at every stage of the investment process from sale, purchase, tenancy to market and environmental conditions where one needs a prudent approach for mitigating potential risks in this business for investors, buyers, sellers and vendors.
Basis above backdrop we’re pleased to launch our comprehensive Real estate Risk advisory services in addition to our existing bouquet of Risk advisory, Consulting, Training & Human Capital Services. Our services are offered through our multi location delivery centres in major metros with total presence in 11 Indian cities network.
Frank Buytendijk is Vice President Corporate Strategy voor Oracle I Hyperion. In deze rol stuurt Buytendijk de wereldwijde strategische richting van Hyperion. Gestationeerd in Nederland, heeft hij een speciale focus op Europa, het Midden-Oosten en Afrika (EMEA).
Buytendijk, een zeer gewaardeerde autoriteit op het gebied van Business Intelligence en Business Performance Management, is begin 2006 overgestapt van Gartner naar Hyperion. Bij Gartner was hij Research Vice President en de hoofdanalist voor Performance Management. Bij Gartner heeft hij zijn ”out-of-the-box“ stijl ontwikkeld en zijn vermogen om de menselijke kant toe te voegen aan business performance management. Tevens heeft hij hier de ”Thought Leadership Award and the Cultural Icon Award“ gewonnen.
Corporate trainings provide tomorrow\'s leaders with skills and knowledge required to make an impact in the business world, Well trained managers develop their competence to think strategically, function more efficiently while gearing up to be instrumental in long-term overall business leadership success.
We’re pleased to launch our comprehensive industry wide ‘Risk Training services’ customized as per your organizational needs which covers entire spectrum of functional, professional knowledge building & skills development areas suitable for your workforce capability enhancement leading to deliver high performance business results.
How to Manage Increasing Data Compliance Issues in Community BanksColleen Beck-Domanico
During one of RMA’s Credit Risk Management Audio Conferences, H. Walter Young, chief liquidity risk officer, M&T Bank and chief data officer, CCAR, shared strategies and best practices for community banks facing increased data compliance and integrity issues, once deemed as “big bank issues."
Personal Finance On-line: New Models & OpportunitiesJoe Lamantia
Strategic review of emerging on-line personal finance offerings, based on changing consumer perceptions of the value and credibility of traditional finance service providers.
Considers social lending, micro-credit, and peer-to-peer lending, in combination with prediction markets, as a new personal finance ecosystem.
Explores service concepts and describes experience scenarios with the goal of finding opportunities for existing finance providers to engage with new models.
In continuation of our fast growing presence and business trajectory, I would like to welcome you and share towards launch of RiskPro Insurance Risk advisory Services which is an addition to our existing bouquet of Risk advisory , Consulting, Training & Human Capital Services to corporates across India currently being serviced through our multi location delivery locations in major metros with total presence in 11 Indian cities network already. Our dedicated experts team who are qualified seasoned professionals in Insurance industry across diverse business domains with right blend of optimal solutions for high performance business results.
Insurance business , like any other industry has evolved with new business models, government and regulatory changes, increased market players and de-regulation which has impacted functioning of major insurance players (General, Life)to generate business and also adhere to compliances imposed by governing authorities within volatile global paradigm, which necessitates the need for prudent risk management framework in Insurance businesses. Riskpro with its precise risk-reward approach is your ideal partner in de-risking of your insurance business operating model with risk management value proposition for a long-lasting embedded tenet in your business DNA.
Similar to Corporate presentation of rating services from LEET SECURITY (20)
Asimetría en el mercado de la seguridad [rooted2011]Antonio Ramos
Presentación sobre la asimetría de información en el mercado de la seguridad y las agencias de calificación como propuesta de solución.
Realizada en el Congreso de seguridad rootedcon 2011
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
4. What is a rating?
• Rating (Collins English Dictionary)
– “a classification according to order or grade; ranking.”
3
– (Economics, Accounting & Finance / Banking & Finance) “the
estimated financial or credit standing of a business enterprise or
individual”
5. What is a rating?
• Ratings of main agencies
are expressed with a
nomenclature that combines 4
letters, upper and
lowercase, numbers and
symbols.
• Although they can change
from one to another, in
general, better rating is
expressed as AAA or A1+.
6. What is a risk rating agency?
• “Company that assigns credit ratings for issuers of
certain types of debt obligations as well as the debt
instruments themselves”, www.wikipedia.org 5
• Companies specialized in securities analysis and that
analyse issuers with their own methodologies (that
combines quantitave and qualitative financial analysis
methods).
7. What is it for a rating?
• Show the synthesis of a company capacity analysis to
deal with its financial liabilities in the short and long term.
That means, it shows the solvency of that company. 6
• It is a succinct indicator of an issuance risk. Issuance with
lower rating, normally, provide higher returns to
compensate the risk.
• Allows investors to compare the risk of different
investments although they come from different issuers,
countries, industries…
8. Rating challenges
• Time, energy, or money
that agent side
(provider) should use to Time 7
send a signal.
• Mechanisms for the
receiver (potential
client) to trust that the
signal is a credible Money Effort
statement of its
information.
9. Theoretical Foundation
• In some economical transactions
(contract theory), disparities in access
to information alter the normal 8
functioning of markets, creating
problems of adverse selection and
moral hazard.
• There are two solutions for opposing
imperfect information (George Akerlof,
1970):
– Signaling
– Screening
10. Theoretical Foundation
• Signaling (Michael Spence, 1973)
– Two sides can circumvent asymmetric
9
information problem if one of them
sends a signal to the other party to
disclose relevant information.
– Signaling consist precisely in that the
agent submit credibly some
information about itself to the other
party.
11. Theoretical Foundation
• Screening (Joseph E. Stiglitz, 1973)
– In this theory, one of the sides can lead
10
the other to show its information.
– In this situation, the side that posses
information is not the first to act, but the
side without information the one who
accept to learn what it can from the other.
13. Need description
• In services outsourcing (especially in ICT
sector) we find an example of assymetric
information that can leads to adverse 12
selection.
– The client does not really know the security
measures that the vendor implements.
– Lack of information could lead the client to
choose always the cheaper service although it
was not the one that better fits its needs.
• This situation is really pressing regarding
cloud computing market.
14. Need description
• There is a need of a
Audit
mechanism that helps to (screening)
balance the asymmetry of 13
information.
• Options (all of them based
on trusted third parties) : Options
Rating ISMS
Certification
(signaling) (signaling)
15. What shows risk vendor rating?
• Rating (for services) gives a relative value
that can be understood as a forecast about
technical solvency of the vendor in relation 14
to its security and resiliency.
• In this way, services with a better rating are
the ones with fewer probability of suffering
an incident that affects Service Level
Agreements in a significant way.
16. Rating advantages
Rating Other options 15
• Less resources (time, • More used / known by
money and efforts) security sector
• Focus on security and
resiliency
• Feasibility of
homogeneous
comparison (single scale)
17. Rating advantages: Supply
segmentation
Current situation – Segmented services
Provider only has one with different ratings
option Users that
16
buy the
service
Fee Users that Fee
Low risk
buy the service
service
Service risk Medium risk
level service
User needs High risk
service
Risk Risk
18. Ventajas de la calificación: Cada
proceso su nivel de riesgo
Situación actual – Los Diferentes procesos
servicios son “café con diferentes
para todos” necesidades
Usuarios que
17
contratan el
servicio
Precio Usuarios que Precio
Servicio riesgo
contratan el bajo
servicio
Nivel de riesgo Servicio riesgo
del servicio medio
Necesidades Servicio riesgo
de los usuarios alto
Riesgo Riesgo
23. Mixed approach Self-statement &
Assessment
• Goal: Avoid the usual conflict of interest arising from the
trusted third party fees being paid by the provider.
22
– Enter to the system: Explanatory dossier.
– Once accepted: Provider self-declare the service rating.
– Upper rating level can be defined by the agency.
• Consequence: Strengthen monitoring mechanisms
– Random and periodic audits.
– Incident notification channel.
– Disciplinary proceedings.
24. Service use conditions
• Allows service providers to use the rating system.
• Establish vendor commitment to use the system in a
23
correct way when self-statement rating levels.
• Defines penalties in case of non-observance of rating
system guide.
• Gives right for the necessary training to self-state rating
levels.
• Annual renewals.