You have outsourced business or IT activities. You consume services or applications from third parties or in the cloud. Your data - including personal data you control - is processed by third parties. Last but not least, you seek assurance on the security offered by these suppliers. We can help.
Our services range from (light or advanced) security audits to the setup of an industrialized approach enabling the continuous evaluation of security risks related to the third parties that serve you.
A risk-based audit approach
We have designed audit guides to cover a number of use cases while enabling us to execute these assessments in an efficient and consistent way. These range from self-evaluation questionnaires to on-site audit guides. Our methodology includes an initial screening of suppliers, ensuring that the depth of the assessment is consistent with the nature of the outsourcing risk and typical budget constraints.
Our team is composed of former IT auditors, who have extensive experience in identifying risks, defining compensating controls, evaluating them, and making concrete recommendations to address potential gaps.
A scalable framework
We have designed our third-party risk assurance framework around the lifecycle of a third-party contractual relationship: this enables you to gain assurance on the security of your suppliers, from the initiation of the relationship (pre-contract) to the termination of the service. Our framework includes the initial evaluation of the supplier's risk profile, which is also used to tailor the depth of the assessment and thereby optimize the cost of each assessment.
We operate based on standardized questionnaires and contractual requirements, powered by a tool and automation for greater efficiency and lower cost per assessment. We may of course also operate based on your own methodology and tooling.
We often apply the principles of the framework to one-off engagements as well, in order to help our clients apply this differentiated approach to third-party evaluation campaigns: instead of assessing every third-party supplier, subsidiary, or client in a uniform way, we help optimize the effort and budget through an initial screening of the targeted organizations, and by proposing approaches that vary in depth depending on the risk.
Why NVISO?
- We have a proven methodology, designed by experienced auditors and reflecting good security practices - both technical and organizational.
- Our team has extensive experience in security audits and security assessments.
- We maximize value for money, thanks to a mature methodology that helps focus your efforts where the risk is higher and, together with automation, supports our auditors.