top of page

Third-Party Improvement
How We Can Help

Improve Graphic

Following a Capability Assessment, our security consultant will document the findings in a report that clearly scores each area in scope, and will recommend appropriate next steps to improve your security.

Third-party improvements can take many forms:  

  • Spot fixes, such as upgrading policy and standards documents.

  • Significant, multi-layered changes, like developing an assurance function.

  • Building new teams to run foundational processes, such as supplier profiling.  

The key is: be proportionate. We can help you put this into practice and protect your organisaton, based on your appetite for risk.

Report Extract

Document_edited Icon
Third Party Capability Report Extract
Sun Icon

What’s Right for You?

Reducing third-party security risk is often a challenge of scale and complexity, but we can support your improvement decision making. There are four key considerations:

Risk Alignment Graphic

1. Risk Alignment

Understand what your suppliers do and the threats they pose before committing to action. Criteria include: 

  • Customer numbers involved in a service, the nature of data sharing, and overall volumes.

  • Access to your network and systems. 

  • Analysis and modelling against a set of defined risk thresholds to enable supplier tiering – e.g. low, medium, high risk.

Rain Icon
Socialisation graphic

2. Socialisation

Suppliers may be used by multiple areas of your organisation. Many opinions will inform the threats posed and corresponding criticality. This includes engagement with the suppliers themselves, who may not be enthusiastic about your improvement plans!

Running Process graphic

3. Running the Process  

Many third-party processes are carried out every day and can involve teams of people. Success factors include:

  • Engagement with both internal stakeholders and suppliers – vital for processes to run smoothly.

  • Management information – this needs to be in place to enable effective oversight.

  • Strong supervision – only this can provide the ‘glue’ to operate an effective, risk-based service.

Budget graphic

4. Budget

  • With a clear view on risks and corresponding actions, you can estimate the likely cost of change and run activities. 

  • This cost view can in turn be used to demonstrate your plan for delivering risk reduction – a business case for improvement.

Call To Action.png

View Our

Case Studies

i-confidential Third Party Offering Logo
Deliver Graphic

Helping You Deliver

With an improvement plan defined, you may need some support to deliver the changes required.  

Our blend of consultancy expertise and large resource network of trusted security practitioners allows us to help clients deliver change across the wide scope of third-party security.


From updating policies and standards, to developing a supplier assurance function, or even just providing ad hoc technical advice, we will work closely with you to ensure your plans succeed.

Security Consultancy

Bespoke support, from stakeholder management to technical advice.

i-confidential Security Consultancy Offering Logo
i-confidential Security Resources Offering Logo

Security Resources 

Access our industry-leading network of security practitioners.

bottom of page