Complete Vendor Information Security Review

Are your vendors as secure as their salespeople say?

We bring together all of our skills in vendor risk management, vendor evaluation, COBIT 5, COSO 2013, NIST, FFIEC Cybersecurity Assessment Tool, credit union and bank information security and business continuity PLUS our comprehensive vendor knowledge in our VendorVault™ to provide a complete information security review either before you contract with a new critical vendor or as part of your ongoing vendor management monitoring program.

We gather all relevant documents, including vendor information security policies, examination reports including the vendor Report of Examination (ROE), insurance, etc., and review them for appropriate security, availability, recovery, confidentiality, privacy, incident response and breach management, 4th party risk, compliance risk, reputation risk, and strategic risk. We also include our vendor financial risk review, vendor SSAE 16 review, vendor business continuity plan and test results review, and vendor contract risk review. We summarize our findings and recommendations, create an examiner-friendly report and present it to your IT Steering Committee, Vendor Management Team, Risk Committee, executive team, or Board.

Key Features:

  • Review can be conducted as part of your internal new vendor evaluation process, our vendor evaluation project or your ongoing vendor risk management program
  • Prepared by our vendor management experts, including CISSPs, former bank examiners, CIOs and Information Security Officers
  • Includes recommendations to reduce your vendor risk exposure
  • Above and beyond. We can help you mitigate identified vendor risks through contract negotiation, business continuity or other means.
  • Examiner-approved. Our vendor risk review, scoring process and risk scorecards have been approved by every regulatory agency.

Learn More About Our Vendor Information Security Review Services

Schedule a time to talk with one of our Vendor Management Consultants
or, if you’re ready, request a custom pricing proposal



So, What Makes Us Different?

DO IT FOR ME

Let us gather and review your vendors’ information security program, so you can focus your time on making the best business decisions from our recommendations.

PENETRATING VENDOR INSIGHTS

We are in the vendor evaluation business, so we are evaluating all aspects of the major vendors every day. Not only do we review vendor financials and attend vendor earnings calls, but we meet with vendor executives every Friday to get product, company and security updates. We track vendor wins and losses, monitor changes in market share, evaluate their products and know about problems before they’re public.

VENDOR INDEPENDENT

Many competing vendor management software and services are actually resold by your moderate- to high-risk vendors. This means they will only share publicly available information. We, on the other hand, are Gonzo and share non-public vendor dirt every day, all day.