Vendor (3rd Party) Security Assessments
We understand the importance of maintaining good business relationships.
You rely on business partners to provide critical services. It’s no wonder third parties are a growing cause of data breaches. Understanding your exposure is the first step in mitigating risk. We have tested and fine-tuned our risk assessment methodology over many years and thousands of assessments.
Why Conduct An Assessment?
Compliance HIPAA, PCI, 23 NYCRR, IRS 1075, MARS-E, etc
Identify potential risk you are inheriting from vendors
Accountability Use assessment results to improve your third party service providers’ accountability
Evaluate potential partners earlier in your relationship and make better business decisions
Minimize inherited risk from potential and existing partners
Transparency provide metrics and reporting on vendor security risk to your executive team
Our Methodolgy
Partner Trust Assessment (PTA)
Our analysts ask questions from relevant security control groups. For example: Physical Security, System Security, Access Controls, Operational Security, Data Security, Network Security, and Application Development Security. All evidence provided by your partners is reviewed and assessed.
Privacy Impact Assessment (PIA)
With your vendors’ answers in hand, an analyst evaluates data privacy, access, and governance risks. This part of the assessment addresses privacy controls such as data use and accuracy, sharing practices, notification of use, and access to data.
Vendor Impact Analysis (VIA)
What’s the worst that could happen? Our analyst outline the business impact from a breach in confidentiality, loss of integrity, or lack of availability from the vendor.
Managed Service Deliverables
Yearly Assessments
of all vendors in your security risk management program
Monthly Status Reports
include assessment progress, dashboards of overall risk levels, and key deliverables
Annual Risk Level Report
provides your management team or board members with a 20,000 foot view of your vendor risk
Recent Blog Posts
Vendor Risk Assessments – Which Methodology Meets Your Needs?
By: Paul Dusini, Information Assurance Manager There are a growing number of vendor risk assessment services on the market today. These services can be divided into two categories – ones that assess risks outside of the vendor’s firewall and those that assess risks...
Risk Management – Which Vendors Should I Assess?
Third party security assessments are a crucial part of any information security risk management program. Conducting ongoing security assessments of your vendors will give you clarity on the risks you may be inheriting from them. The first step in any vendor security...
The Meaning of Vendor Management in Your Organization
An ever changing landscape More and more companies are relying on business partners to deliver on strategy and daily operations to optimize IT or business outcomes. The problem: individuals outside the business have been given access to your network and data by...
Third-Party Vendor Security Risks: 4 Stats You Need to Know
For many companies, the use of third-party vendors is an afterthought. After all, every company uses them, whether it be for a payroll service or some type of marketing platform. However, just because the use of third-party partners is widespread doesn’t mean that...
“NuHarbor assessments give visibility into our third-party risk exposure. We don’t have the internal resources to conduct yearly assessments of our 40+ vendors. These valuable insights inform the decisions we make when choosing and managing partnerships.”
Why Outsource Vendor Risk Assessments?
Analyze Trends and track security risk for all partners in your vendor security risk management program
Benchmark vendors to see if they are complying with best security practices
Measure risk posture of your partners over time
Adjust Contracts based on your vendors’ risk levels.
Scalable quickly onboard new vendors into your vendor management program
We Can Also Help With…
Single-Serve Assessments
Take a test drive. Try a single vendor assessment.
Tailored Assessments
Do you need an assessment questionnaire or process specific to your business needs? For example: security frameworks, project requirements, compliance, and industry best practices are metrics our analysts can utilize.
Identifying Quality Partners
Our Risk Assessment Team can inquire into potential partners. We detail the processes and data involved to gauge risk.
Customized Reporting
Need to track certain metrics or risk areas? We can work with you to meet your business’s reporting requirements.
User Controls
Yearly review of complementary user controls