Third-party risk assessment and supplier audit

Information security is a collective effort: it is not limited to one's own company but encompasses the entire supply chain. A comprehensive, company-wide process within the framework of supply-chain management, including risk-based supplier assessment and review, is therefore necessary.

Our approach:

Our experts will support you during the entire process of implementing risk-based supplier management, so that information security is ensured throughout the supply chain as well.

Our experts will also support you with contractual agreements regarding information security within the scope of (planned) cooperation with suppliers. Such agreements include, among others, confidentiality agreements, contractual clauses and audit rights. Alternatively, depending on the valuation situation, we also carry out complete supplier audits on your behalf.

Our services:

  • Identify scope: Choosing the suppliers relevant to information security, according to their business relationship with the third party
  • Assess As-Is: Requesting the information security level of the relevant suppliers to determine the status quo
  • Define To-Be: Carrying out a risk evaluation of the relevant suppliers in terms of their reliability and resilience
  • Evaluate Gap Report: Compiling a report with an overall assessment of the relevant suppliers and preparing recommended measures for guaranteeing the resilience of their business processes