Why You Need to Profile Your Third-Party Suppliers


Chris Harragan

Security Analyst at i-confidential


Third-party security is now a fundamental requirement for companies across many industries.

Many of them struggle, however, to determine the security risk posed by the access suppliers have to their data. GDPR places further emphasis on the Data Controller maintaining responsibility for data held by, or available to, an organisation’s suppliers. This only increases the need to better understand and track those suppliers who have access to sensitive information.

Organisations may be exposed to data breaches through the third parties they do business with. Smaller suppliers in particular can be less secure than their larger counterparts, as they lack the knowledge and resources required to protect themselves effectively. As a result, criminals may use them to target other companies in order to access valuable data.

Third-party risk profiling helps to create a clear picture of each supplier and identify the risk they pose to an organisation. i-confidential has developed a specific third-party profiling service that helps companies better comprehend their suppliers’ access and data.

By answering a series of questions for each supplier, you can quickly classify them and identify those that pose the greatest threat. Understanding which suppliers carry more risk enables organisations to prioritise their follow-on assurance and remediation activities.

i-confidential’s proprietary tooling enables you to process a large number of third parties, meaning you don’t have to restrict the volume you can profile.

After working with us, our clients are able to free up resources to concentrate on their third-party assurance activities. This is because they gain a clear understanding of which suppliers represent the highest risk.

Failure to recognise the risk posed by your suppliers can be an expensive mistake. Knowing which organisations have access to your sensitive data is one step in the right direction. Supplier profiling is an effective method of identifying this information and will help businesses rapidly progress towards remediating their third-party risks.


