top of page

Back to Products & Services

Supply Chain and Third Party Assessment

​

Few organisations exist in isolation, with many choosing to outsource certain activities to other third-party suppliers for cost or strategy reasons (e.g. they want to focus on their core business offering). This makes very good business sense.

​

However, when working with any third parties, vendors, suppliers or external business partners, it is critical that you validate the effectiveness of their security controls to ensure they are aligned with your risk appetite.  This is particularly important when they: i) process or otherwise have access to your sensitive data and networks, or ii) are critical to your operations.  

​

The implications of a data breach, or your organisation being unable to deliver to your customer’s expectations (because of a security incident with one of your third-party service suppliers) could have a significant impact in terms of legal, reputational and financial consequences to your business.

​

How we can help

​

We provide a framework to assess the effectiveness of the security controls utilised by any third parties, vendors, suppliers or external business partners used by your organisation.   

​

We remove the burden of conducting these assessments on your behalf, allowing you to focus on your core business priorities with confidence that your supply chain is operating in a secure manner.

​

  • The assessment is aligned with ISO27001, an industry recognised method to manage security controls and associated risks to your organisation, meaning that you can quickly ascertain the maturity of the organisation’s security control effectiveness;

  • The outcome of each supplier assessment is reported with an easy to digest Red, Amber, Green (RAG status) for each of the stipulated controls, allowing you to home in on the areas of concern quickly and easily;

  • Context is provided in non-technical language of the purpose and importance of each control, so that senior executives can understand their value;

  • The risks of having in-effective or no security controls in place are clearly articulated, providing you with the information needed, to allow you and senior executives to make an informed decision on whether or not to support their implementation.

​

​

​

​

​

​

0208 462 0882

info@thepracticalciso.com

© 2018 - 2019 The Practical CISO All rights reserved.

tThe Practical CISO Limited

Registered in England and Wales at the above address. Number: 10243165

​

VAT Registration Number: 245365403

bottom of page