Press Release

 ISACA Helps Enterprises Manage Vendors Using the COBIT 5 Framework 

Guide Provides Sample SLAs, Case Studies and Mappings

Rolling Meadows, IL, USA (11 March 2014)—As enterprises increasingly rely on cloud service providers and other vendors to provide fundamental services, the related risk becomes more significant. Global IT association ISACA has released a guide applying the internationally accepted COBIT 5 governance framework to help enterprises effectively manage vendors.

Vendor Management: Using COBIT 5 provides practical action items for all stakeholders involved in the vendor-management process, from the board and C-level executives to the legal department and IT. It outlines:

  • Life cycle stages and stakeholders
  • Good practices to manage threats and risk
  • How to manage a cloud service provider
  • Practical service level agreement (SLA) templates, checklists and examples (available for download in an online toolkit)
  • A case study outlining the consequences of ineffective vendor management
  • A high-level mapping of COBIT 5 and ITIL V3 for vendor management

“Recent research from the IT Policy Compliance Group reveals that approximately one out of five enterprises does not invest sufficient effort to manage vendors and vendor-provided services effectively,” said Nikolaos Zacharopoulos, CISA, CISSP, senior IT auditor at DeutschePost-DHL and member of ISACA’s Guidance and Practices Committee. “This means that enterprise requirements and standards are not properly incorporated into vendor contracts, ownership of information being handled by vendors remains unclear, and access to information is not guaranteed if the vendors go out of business.”

The ISACA publication emphasizes that IT vendor management is not solely IT’s responsibility, and clarifies the responsibilities of stakeholders within the enterprise.

“As companies worldwide are turning toward fewer—but much more integrated—vendors, they are benefiting from a single point of contact. However, they are simultaneously increasing risk to the enterprise, and that risk needs to be managed rigorously by all stakeholders,” said Zacharopoulos. “The COBIT 5 framework provides tested guidance to help them effectively govern these relationships so they deliver maximum value with minimum risk.”

Vendor Management: Using COBIT 5 is available at ISACA members can download the ebook free of charge. The COBIT 5 framework publication is available as a free download at

Note: At the time of publication, this book was complimentary to ISACA members for an introductory time period. There is now a charge for this item. ISACA members receive six COBIT publications free of charge (a US $210 value), and significant discounts on all other COBIT publications.


With more than 110,000 constituents in 180 countries, ISACA( helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:


Kristen Kessinger, +1.847.660.5512,

Joanne Duffer, +1.847.660.5564,