|SSAE 16 audit reports are the most practical way for you to judge your outsourced vendors’ data center security policies, processes and procedures. Trouble is, they’re really hard for even experienced CIOs to read. Oh, and vendors still control the scope of these audits so you might miss that what you receive are merely the results of interviews covering 25 controls when you should expect test results of 75 controls.
Our Certified Information Systems Security Professional (CISSP) will review your vendors’ SSAE 16 report, compare it to our gold standard criteria, calculate the risk score, roll them into our popular vendor risk scorecards and make actionable recommendations to improve your risk profile.
Let us gather and review your vendors’ SSAE 16 and SCO reports, so you can focus your time on making the best business decisions from our recommendations.
We are in the vendor evaluation business, so we are evaluating all aspects of the major vendors every day. Not only do we review vendor financials and attend vendor earnings calls, but we meet with vendor executives every Friday to get product, company and security updates. We track vendor wins and losses , monitor changes in market share , evaluate their products and know about problems before they’re public.
Many competing vendor management software and services are actually resold by your moderate to high risk vendors .
This means they will only share publicly available information. We on the other hand are Gonzo and share non-public vendor dirt every day, all day. (link to Trouble in the Great White North)