[Before] Third-Party Risk Management

I was going through ISO 27001 and COBIT to understand the Third-Party (or vendors) Risk Management process in detail. And though both the frameworks provide enough guidance on ensuring the proper due diligence on the vendors, I could not find any material on what happens before the vendors are onboard – how does the Information…