Professional Services
Increasingly, organisations are using third parties in order to meet their business goals. These third parties can play various roles in the supply chain, from the provision of products through to the delivery of information technology services.
Any breach of a contracted third party’s systems has serious impacts on the operational, legal and reputational standing of the contracting organisation. Countries including Australia and New Zealand continue to tighten their regulations, with stiffer penalties for information security and privacy breaches.
Enterprise risk frameworks that encompass third party information security risk, and follow overall best practice in line with internal policy and international standards such as ISO 31000 and ISO 27005, are important for complying with regulatory requirements and for the overall management of third party information security risk.
It is therefore critical that organisations regularly review the risk profile associated with their use of these external parties, who handle customer information, financials, Personally Identifiable Information (PII), and Protected Health Information (PHI). Key to this is to identify, assess, mitigate, and continuously monitor third party information security risk in line with the enterprise-wide risk framework.
The Kaon Security team can assist organisations with a comprehensive Third Party Cyber Risk Management service.
Objective
The Third Party Cyber Risk Management service:
Deliverables
The Third Party Cyber Risk Management report includes the following:
Working with suppliers and partners can create new risks. Here are some of the most common questions we hear about Third Party Cyber Risk Management, with clear answers to guide you.
Third Party Cyber Risk Management is the process of identifying, assessing, and reducing the cyber security supply chain risks posed by external suppliers, vendors, contractors, and service providers. Any organisation that connects to your systems, handles your data, or supports your operations can introduce vulnerabilities that need to be understood and managed.
A significant number of cyber incidents and data breaches stem from weaknesses in the supply chain. Even with strong internal security, a vulnerable supplier can be an entry point for attackers. Managing these risks helps you:
Our service provides a clear view of supplier-related risks and how to address them. This typically includes:
We use a governance-focused approach, considering:
Assessments may include documentation reviews, stakeholder interviews, and evaluation against frameworks such as ISO 27001, ISO 27036, and NIST.
Yes. We categorise your suppliers by risk and criticality, helping you focus on those who present the highest risk to your organisation. This targeted approach ensures resources are used efficiently while maintaining appropriate oversight across your supply chain.
Yes. We deliver a clear, structured risk register that documents key supplier risks, their potential business impact, and recommended actions for mitigation, monitoring, or further review. This becomes a practical tool for managing ongoing supplier oversight.
Supplier risk management is required under many frameworks and regulations, including:
Our process aligns with these standards, helping you demonstrate due diligence and meet audit, regulatory, and contractual expectations.
We assess suppliers and service providers such as: