We bring together all of our skills in vendor risk management, vendor evaluation, COBIT 5, COSO 2013, NIST, FFIEC Cybersecurity Assessment Tool, credit union and bank information security and business continuity PLUS our comprehensive vendor knowledge in our VendorVault™ to provide a complete information security review either before you contract with a new critical vendor or as part of your ongoing vendor management monitoring program.
We gather all relevant documents including vendor information security policies, examination reports including the vendor Report of Examination (ROE) , insurance, etc. and review for appropriate security, availability, recovery, confidentiality, privacy, incident response and breach management, 4th party risk, compliance risk, reputation risk, and strategic risk. We also include our vendor financial risk review, vendor SSAE 16 review, vendor business continuity plan and test results review and vendor contract risk review. We summarize our findings and recommendations, create an examiner-friendly report and present to your IT Steering Committee, Vendor Management Team, Risk Committee, executive team, or Board.
- Review can be conducted as part of your internal new vendor evaluation process, our vendor evaluation project or your ongoing vendor risk management program
- Prepared by our vendor management experts including both CISSP’s and former bank examiners, CIOs and Information Security Officers
- Includes recommendations to reduce your vendor risk exposure
- Above and beyond. We can help you mitigate identified vendor risks through contract negotiation, business continuity or other means.
- Examiner-approved. Our vendor risk review, scoring process and risk scorecards have been approved by every regulatory agency.
So, What Makes Us Different?
DO IT FOR ME
Let us gather and review your vendors’ information security program, so you can focus your time on making the best business decisions from our recommendations.
PENETRATING VENDOR INSIGHTS
We are in the vendor evaluation business, so we are evaluating all aspects of the major vendors every day. Not only do we review vendor financials and attend vendor earnings calls, but we meet with vendor executives every Friday to get product, company and security updates. We track vendor wins and losses , monitor changes in marketshare , evaluate their products and know about problems before they’re public.
Many competing vendor management software and services are actually resold by your moderate to high risk vendors. This means they will only share publicly available information. We on the other hand are Gonzo and share non-public vendor dirt every day, all day.