Our Third-Party Capability Assessment
Our typical starting point is a Capability Assessment. This is an efficient way of ‘running the rule’ over all the key elements of your third-party security to inform a view of control effectiveness.

One of our senior security consultants will conduct the assessment with you, using a discussion-based format to cover all the capabilities that are relevant to your organisation across our three focus areas:
Response
• Identify
• Evaluate
• Remediate
Foundations
• Policy & Standards
• Governance
• Operating Model
Operations
• Monitoring & Reporting
• Continuous Management
Response
Responding to threats is not a singular activity. Your organisation requires a number of capabilities, operating effectively, to ensure you act in a risk-based and proportionate way.
Foundations
Management of third-party security can be spread over multiple areas of an organisation. You must therefore be clear on what you and others are accountable for. Clear understanding of roles and responsibilities, and the right level of governance, means you can be assured that management is effective.
Operations
The glue that makes third-party management effective. Volumes are often large, including both the number of suppliers and the potential number of assurance risks being tracked. Internal stakeholders are often demanding and suppliers challenging. ‘Socialisation’ is key, coupled with robust and consistent management information.