Get an independent assessment of your suppliers’ information security controls
Are you confident your third-party suppliers have adequate security controls in place to protect your customer and organisational data? Do they comply with relevant information security standards?
If you’re unsure, a supplier security assessment will help you identify, reduce and manage the risks your suppliers pose to the confidentiality, integrity and availability of your organisation’s data and services. Our experienced information security specialists have completed a wide range of supplier security assessment programs for clients around the world, using our established framework.
A proactive supplier security assessment program will help you to understand the risks you face before the worst happens. It can also help to minimise the potential financial and reputational damage that could be caused to your organisation if your suppliers were to suffer a data breach or critical technology failure.
What is a supplier security assessment?
CQR’s supplier security assessments provide an independent evaluation of the information security controls your third-party suppliers have in place, test their controls and highlight any potential risk to your business.
We evaluate your key suppliers’ security processes and capabilities against international standards, including ISO 27001 and ISO 22301. We will provide you with a detailed report highlighting the key risks our specialists uncover, as well as a priority remediation roadmap detailing the required corrective actions your suppliers need to implement to safeguard your supply chain.
We assess the design of the security controls your suppliers have in place and validate that those controls operate effectively in practice, so you get a clear overall picture of each supplier’s security posture and of how well your own organisation is protected and prepared.
Comprehensive assessments – from penetration testing to disaster recovery
Although the specific areas covered are completely flexible, based on your requirements, typically our supplier assessments include:
- External, internal, wireless and physical penetration tests
- Server configuration reviews and password audits
- Assessment of the supplier’s business continuity capabilities, including incident management plans and their ability to shift work to alternate locations
- Disaster recovery capability assessment and IT testing
- Policy and procedure gap analysis against the ISO 27001 standard
We can support you with one-off supplier assessments, carry out annual supplier reviews or develop a comprehensive supplier assessment program for you.
How does it work?
Our supplier security assessment framework consists of three phases, which can be completed on or off-site, depending on your needs:
1. Assessment – A comprehensive assessment of your suppliers’ current security is carried out, to identify any gaps and issues. A report is produced which gives an overall risk and security maturity rating along with full details of what remedial action is needed.
2. Remediation – The supplier completes the recommended corrective actions identified in the assessment. CQR can provide guidance and advice where required.
3. Validation – We check that the recommended remedial actions have been effectively implemented and re-assess the supplier’s risk profile based on this.
Our supplier assessments are also supported by a full governance model, which provides regular reporting against key metrics to help you track progress at both the individual supplier and whole-program level.
Get in touch to find out more about how proactive supplier security assessments can help you understand and manage the risks you face.