Third Party Risk Management - Consultancy, Assessment & Advisory

Small Supplier Risk Assessments

Because Small Suppliers Pose a BIG RISK

Managing third-party risk does not come in a one-size-fits-all package

Gaining confidence in your Third-Party risk management program includes the ability to scale easily and include your full supplier ecosystem – not just a handful of your largest suppliers perceived as the most critical due to their scale or your level of investment.

Small businesses accounted for 99.3% of all private sector businesses at the start of 2016 and 99.9% were small or medium-sized enterprises*. Odds are then that your organization has a large percentage of SMB suppliers. Any one of them could be the weak link in your company’s security infrastructure.

* Federation of Small Businesses, 2017

An assessment approach that works for your global payroll provider, with more than 50,000 employees, will not work when it comes to assessing your 25-person law firm.

Both types of companies may have access to your networks or critical data, but their levels of sophistication – when it comes to cyber security – can be significantly different.

The challenges of small supplier risk assessment and risk management

Resources – they lack the manpower, expertise and budgets for maintaining a high level of security and well documented policies and processes

Responsiveness – their ability to respond to assessment questionnaires that are designed for much larger, more sophisticated and well-resourced companies

Presence – their online presence will not provide enough information to offer an initial view of their cyber risk through external scanning

Objective, programmatic validation of small supplier risk assessments

The best way to ensure your suppliers meet a true baseline level of security is to gather validated data from internal security controls. DVV Solutions programmatically collects internal security controls data developed from best practices such as CIS and SANS 20.

These controls, which are responsible for preventing 80% of attacks**, provide CISOs and Risk Managers with objective, validated information regarding the actual security postures of their SMB vendors.

** Council on CyberSecurity, Annual Report 2014

By observing security controls in user audits, patch management, firewall, antivirus, cloud usage and more, DVV Solutions provides you with the advantage of assessing all your important third parties, not just your biggest ones.


Why choose us?

We are specialists in Third Party Risk Management with over 18 years of experience in Cyber Security and Governance, Risk & Compliance.
We are a Shared Assessments program member and recognised Assessment Firm with CTPRP-certified IT Security Assurance Consultants.
We are focused on delivering a Third Party Risk Management program that secures your data supply chain and enhances your IT security posture.