We bring together all of our skills in vendor risk management, vendor evaluation, COBIT 5, COSO 2013, NIST, FFIEC Cybersecurity Assessment Tool, credit union and bank information security and business continuity PLUS our comprehensive vendor knowledge in our VendorVault™ to provide a complete information security review either before you contract with a new critical vendor or as part of your ongoing vendor management monitoring program.
We gather all relevant documents including vendor information security policies, examination reports including the vendor Report of Examination (ROE) , insurance, etc. and review for appropriate security, availability, recovery, confidentiality, privacy, incident response and breach management, 4th party risk, compliance risk, reputation risk, and strategic risk. We also include our vendor financial risk review, vendor SSAE 16 review, vendor business continuity plan and test results review and vendor contract risk review. We summarize our findings and recommendations, create an examiner-friendly report and present to your IT Steering Committee, Vendor Management Team, Risk Committee, executive team, or Board.
Let us gather and review your vendors’ information security program, so you can focus your time on making the best business decisions from our recommendations.
We are in the vendor evaluation business, so we are evaluating all aspects of the major vendors every day. Not only do we review vendor financials and attend vendor earnings calls, but we meet with vendor executives every Friday to get product, company and security updates. We track vendor wins and losses , monitor changes in marketshare , evaluate their products and know about problems before they’re public.
Many competing vendor management software and services are actually resold by your moderate to high risk vendors. This means they will only share publicly available information. We on the other hand are Gonzo and share non-public vendor dirt every day, all day. (link to Trouble in the Great White North)