
Third Party Information Security Risk Review

Understand your risk profile associated with using third parties

Increasingly, organisations are using third parties in order to meet their business goals. These third parties can play various roles in the supply chain, from the provision of products through to the delivery of information technology services.  

Any breach of a contracted third party’s systems has serious impacts on the operational, legal and reputational standing of the contracting organisation. Countries including Australia and New Zealand continue to tighten their regulations, with stiffer penalties for information security and privacy breaches.

Enterprise risk frameworks that encompass third party information security risk, together with overall best practice in line with internal policy and international standards such as ISO31000 and ISO27005, are important both for complying with regulatory requirements and for the overall management of third party information security risk.

It is therefore critical that organisations regularly review the risk profile associated with their use of these external parties, which handle customer information, financials, Personally Identifiable Information (PII), and Protected Health Information (PHI). Key to this is identifying, assessing, mitigating, and continuously monitoring third party information security risk in line with the enterprise-wide risk framework.

The Kaon Security team have the capability to assist organisations with a comprehensive Third Party Information Security Risk Review.

Objective

The Third Party Information Security Risk Review:

  • Assists the organisation to build their third party risk profile
  • Assists in developing mitigations for third party information security risks
  • Integrates third party information security risk into enterprise risk
  • Improves the organisation’s visibility of third parties
  • Reduces information security risk associated with the use of third party providers
  • Helps to identify information security gaps in the third party’s environment.

Deliverables

The Third Party Information Security Risk Review report includes the following:

  • An executive summary
  • Details from the workshop
  • Key findings and recommendations in line with best practice
  • Information Access Sheet, including Information Categories
