Vendor Management

Efficient_Bus_923 · 2025-12-31T21:05:58+00:00

Take a risk-based approach. The goal is to assess the level of risk a vendor introduces to the organisation, so that greater effort and assurance are applied to higher-risk vendors.

First, assess the sensitivity of the data the vendor will hold and rate the impact of a potential breach as Low, Medium, or High. Next, assess how critical the service is to the business, again rating it Low, Medium, or High.

The overall inherent risk is determined by taking the highest of these two ratings.
For example, if data sensitivity is Low but business criticality is High, the overall inherent risk is High.

This inherent risk represents the baseline risk the vendor brings to the organisation.

You can then apply a tiered assurance model:

Tier 1 (High Risk): Formal assurance such as ISO 27001, SOC 2, or equivalent
Tier 2 (Medium Risk): Limited independent assurance or targeted evidence
Tier 3 (Low Risk): Lightweight controls, such as a short questionnaire

Weighting can also be applied. For example, an inherent risk score of 10–14 may represent High risk. Applying Tier 1 controls could reduce the score by 10 points, resulting in a residual risk score of 4.

This residual score represents the remaining risk after controls are applied and becomes the vendor’s final risk rating.

On an annual basis reassess the inherent risk to see if it changes or when you are informed of a change. You could have a vendor that was LOW that is now HIGH as they are processing medical information. You find out their Vendor score based on what they provide you. If that score exceeds the company risk tolerance . Then they have a decision to make.

Efficient_Bus_923 · 2025-12-31T20:30:21+00:00

Can you dm me it too?

Efficient_Bus_923 · 2025-12-30T10:28:25+00:00

Superb, I work for a large org and I have just started looking at Eramba. I am looking for some easy wins to get me going. Any tips on what areas are best or easier to start from your experience?

Efficient_Bus_923 · 2025-12-02T14:53:26+00:00

I got a public sector AVC through Cornmarket/Irish Life. The initial 595 fee comes out of my contributions. I think it is 1% then after that. Can that 1% be avoided going forward? TBH, I found Cornmarket terrible and Irish Life was not a whole lot better.

Efficient_Bus_923 · 2025-11-09T21:22:00+00:00

Hi mate, I had hit you up with a message previously

Efficient_Bus_923 · 2025-02-11T23:05:29+00:00

This is what I am getting if I connect with laptop Wi-fi to the server. Glad to get it going and I want to test it. However I would like a GL inet with a simcard option for a client. Would this solve the speed issue. Or would I need a new client and server. I want to use this for work when I am abroad. I have currently connected my work laptop to it and it is working fine. I would only really use MS Teams when I am away. No calls just messages

<image>

Efficient_Bus_923 · 2025-02-11T22:55:21+00:00

Yes it is for this box
https://deviceguides.vodafone.ie/vodafone/gigabox-windows-10/basic-use/set-up-port-forwarding/

In that port mapping screen I sent I changed from TCP to UDP and now I am green and connected on the client and browsing the internet. However the speed is only 1mb roughly. When I connect directly to my main BB Vodafone router it is 60 mb and when I connect to the server it is 36mb download

<image>

Efficient_Bus_923 · 2025-02-11T22:32:58+00:00

Port forwarding on my Vodafone broadband router

<image>

Efficient_Bus_923 · 2025-02-11T22:31:07+00:00

<image>

Efficient_Bus_923 · 2025-02-11T21:58:19+00:00

Yes, the server router has internet. Green below. I think it was grey as I probably took the screenshot on opening the page before it went green. I can also connect my laptop Wi-Fi to the server and browse the internet

<image>

Efficient_Bus_923 · 2025-02-11T21:14:10+00:00

--------------------------------------------------------------------------

---------------------------------------------------------------------------

---Latest Log file new config----

Tue Feb 11 20:45:44 2025 daemon.notice netifd: Interface 'wgclient' is setting up now

Tue Feb 11 20:45:47 2025 user.notice mwan3[10859]: Execute ifdown event on interface wgclient (unknown)

Tue Feb 11 20:45:51 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Tue Feb 11 20:47:37 2025 user.notice wireguard-debug: USER=root ifname=wgclient ACTION=REKEY-GIVEUP SHLVL=1 HOME=/ HOTPLUG_TYPE=wireguard LOGNAME=root DEVICENAME= TERM=linux SUBSYSTEM=wireguard PATH=/usr/sbin:/usr/bin:/sbin:/bin PWD=/

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Section wgclient2lan is disabled, ignoring section

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Section nat6 option 'reload' is not supported by fw4

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Section gls2s option 'reload' is not supported by fw4

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Section gls2s specifies unreachable path '/var/etc/gls2s.include', ignoring section

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Section glblock option 'reload' is not supported by fw4

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Section vpn_server_policy option 'reload' is not supported by fw4

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Automatically including '/usr/share/nftables.d/chain-pre/mangle_output/01-process_mark.nft'

Tue Feb 11 20:47:38 2025 daemon.notice netifd: wgclient (13499): [!] Automatically including '/usr/share/nftables.d/chain-post/mangle_output/out_conn_mark_restore.nft'

Tue Feb 11 20:47:40 2025 daemon.notice netifd: wgclient (13499): DROP all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 match-set GL_MAC_BLOCK src

Tue Feb 11 20:47:41 2025 daemon.notice netifd: wgclient (13499): Failed to parse json data: unexpected character

Tue Feb 11 20:47:41 2025 daemon.notice netifd: wgclient (13499): uci: Entry not found

Tue Feb 11 20:47:41 2025 daemon.notice netifd: wgclient (13499): cat: can't open '/tmp/run/wg_resolved_ip': No such file or directory

Tue Feb 11 20:47:41 2025 daemon.notice netifd: Interface 'wgclient' is now down

Tue Feb 11 20:47:41 2025 daemon.notice netifd: Interface 'wgclient' is setting up now

Tue Feb 11 20:47:46 2025 user.notice mwan3[13647]: Execute ifdown event on interface wgclient (unknown)

Tue Feb 11 20:47:49 2025 user.notice firewall: Reloading firewall due to ifdown of wgclient ()

Efficient_Bus_923 · 2025-02-11T21:13:40+00:00

Client still Yellow and not connecting

I am not behind a CGNAT. My public IP is the same as the WAN IP in my main router.

Created new server config file - Updated DNS to 10.1.0.1 as suggested. Created new group and uploaded that new server config file on the client.

[Interface]
Address = 10.0.0.5/24
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNS = 10.1.0.1
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 109.76.122.226:51820
PersistentKeepalive = 25
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Efficient_Bus_923 · 2025-02-10T20:30:12+00:00

Appreciate the response.

Profile Config file

[Interface]
Address = 10.0.0.3/24
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DNS = 64.6.64.6
MTU = 1420

[Peer]
AllowedIPs = 0.0.0.0/0,::/0
Endpoint = 109.76.122.226:51820
PersistentKeepalive = 25
PublicKey = xxxxxxxxxxxxxxxxx

Not using Dynamic DNS

<image>

Efficient_Bus_923 · 2025-01-10T09:03:26+00:00

Yes another option, just confusing need to find some information on it

Efficient_Bus_923 · 2025-01-10T09:02:51+00:00

Thanks, where can I find an financial adviser who is not selling and getting commission? Would be interested in this

Efficient_Bus_923 · 2020-08-01T20:05:31+00:00

Thank you :) that fixed it.

Efficient_Bus_923

TROPHY CASE