The 1st Compliance International Supplier Cyber-security risk management three step plan
Step one
Provide our free tool to all business owners, project managers and anyone else who is likely to implement new services. When they buy or implement a new service, engage a new supplier, or use an existing supplier for different services, get them to complete the questionnaire (maximum of three questions).
This will allow greater coverage of initiatives with little effort. It also provides an early warning indicator for specific serious risks.
Step two
Carry out an initial risk assessment using our Data/Service CIA Classification and Risk Rating tool to establish the appropriate level of risk assessment for the supplier and service. The easily achieved risk identification and supplier rating systems allow for a prioritisation of risks and effective risk management planning.
Step three
Rest easy: Integrate our Relationship Assessment, Regulatory Compliance, Risk Assurance and Continuous Verification services with your existing activities and risk management tools. Free up the resources that get tied up creating questionnaires, sending emails, interviewing, monitoring, chasing, and tracking spreadsheets for the small to medium suppliers and services.
Manage supplier security to an appropriate level and receive reporting that shows real-time risk posture. Be able to see the profiles of individual suppliers and services, from the overall risk landscape of all outsourced activities, to the individual security controls that should be improved.
Choose the level of internal activities devoted to supplier assurance to suit: continue to manage the security of major 3rd party relationships internally, or engage full risk assessment services.
Supplier risk management services.
Assisting businesses with implementing risk assurance, we can provide fully managed third party due diligence services. Risk assessments can be based on existing questionnaires and processes provided by the customer. Alternatively, we can develop processes and questionnaires based on international security standards such as ISO27001, PCI DSS, NZISM, GDPR, HIPAA, or customised to suit. Hosted in the cloud, the platform integrates with existing risk management tools (e.g. RSA Archer) and reporting tools.
This removes the need to manage large spreadsheets containing suppliers and their security questionnaire responses, email accounts for due diligence mail shots, email lists of suppliers, Word documents with security questionnaires to be sent out and received, follow-up phone calls, and manual updating/reporting.