Third Party Risk Management - Consultancy, Assessment & Advisory

About Us

Send your CV

    Welcome to DVV Solutions

    DVV Solutions was established in 1999, and has become one of the UK’s leading providers in the design, implementation and management of Third Party Risk Management (TPRM) and IT Security services.

    We have a proven model for Third-Party risk reduction and mitigation. Our suite of consultative and managed services improve your ability to manage increasing numbers and complexity of outsourced supplier risk backed by leading risk intelligence and automation platforms.

    Our ethos is to provide you the best value for money by offering the highest quality of service within a clear and consistent cost model. We do this by leveraging our extensive experience in the IT services sector and our best-of-breed technology and service partners.

    As a Shared Assessments Program member and registered Assessment Firm we utilise industry-standard practices including Standardised Information Gathering (SIG) questionnaires, the GDPR Data Processor Privacy Tool Kit and Standardised Control Assessment (SCA) for onsite audits.

    What we do

    Organisations of all sizes have become more dependent upon Third-Parties to manage and process their mission-critical operations, Customer and Employee Personally Identifiable Information (PII) and commercial activities. As a consequence, understanding the key policies, security practices, and other controls suppliers use to protect this information is now critical to ensuring operational efficiency, security and regulatory compliance.

    DVV Solutions has developed a proven model for Third-Party risk reduction and mitigation.  Our suite of consultative and managed services improve your ability to manage increasing numbers and complexity of outsourced supplier risk backed by leading risk intelligence and automation platforms, enabling you to;

    • significantly reduce the time and resource costs associated with in-house collection and analysis of third-party risk assessments
    • rapidly increase the scale of your TPRM program by supplementing your existing resources and enabling existing teams to manage more suppliers, more effectively
    • immediately ramp-up your existing TPRM program to ensure the assessment of mission-critical suppliers to “best practice” methodologies
    • improve the proficiency and maturity of your TPRM program to meet the most stringent regulatory requirements

    Our customers include organisations from Finance, Legal, Insurance, Retail, Healthcare and the Public Sector.

    How we do it

    We Establish your Security Baseline – We’ll work with you to understand the maturity of your current TPRM model, identify key deliverables and build a roadmap to your ideal state.

    We Map your Third Party Risk Landscape – We’ll manage your remote and on-site assessments, gather evidence and provide detailed Third Party risk reports and analysis on each service and supplier.

    We Remediate and Improve – We’ll help you put the right internal measures in place and guide you and your suppliers to mitigate external risks.

    We Continuously Monitor Risk – We’ll ensure an ongoing stream of threat intelligence against your security baseline and ensure any new risks are identified and addressed.

    We Re-Assess and Renew – We’ll then support a regular review of your TPRM model and perform annual risk assessments to stay focussed on achieving your third party risk reduction program.

    Our credentials

    Since 2014, we have been audited and are accredited to ISO14001 standards. Significant environmental advances have been made since achieving the accreditation, including the use of Symantec Control Compliance Suite (CCS) to automate the management of our policies and processes.

    DVV Solutions has always been committed to running its operations in an environmentally friendly manner. By achieving ISO14001..2015 the company is publicly committing to continually review and improve its procedures to reduce its impact on the environment.

    In 2016, we were also certified by QG Management Standards to the UK Government’s Cyber Essentials Scheme and The IASME Standard. Certification demonstrates our ability to mitigate risk and reduce vulnerability from cyber attacks.

    The Cyber Essentials Scheme offers a core set of security controls within a standardised assurance framework and is backed by industry including the Federation of Small Businesses and the Confederation of British Industry (CBI).

    DVV Solutions have also met the standards laid out by the CCS and have been accepted onto the G-Cloud 9 framework which contains cloud services. We are listed on the Digital Marketplace under the Cloud Software category.

    Shared Assessments

    DVV Solutions are proud to have been accepted within the Shared Assessments global membership program with recognised status as an authorised Assessment Firm.

    As the trusted source in third party risk, the member-driven Shared Assessments Program has been setting the standard in third party risk assessments since 2005.

    Shared Assessments Program members work together to build and disseminate best practices, building resources that give all third party risk management stakeholders a faster, more rigorous, more efficient means of conducting security, privacy and business resiliency control assessments. For more information on Shared Assessments, visit


    ProcessUnity’s cloud-based solutions help organisations of all sizes automate their risk and compliance programs. Their highly configurable, easy-to-use tools significantly reduce manual administrative tasks, allowing customers to spend more time on strategic risk mitigation.

    As a software-as-a-service technology, ProcessUnity Vendor Cloud deploys quickly with minimal effort from customers and their IT resources. Vendor Cloud’s technology delivers faster, better results, and the ability to scale governance, risk, and compliance programs over time. Learn more at


    BlueVoyant Third-Party Cyber Risk Management Services help protect organisations by identifying, assessing, and remediating security risks posed by third-party relationships. BlueVoyant utilises our powerful, proprietary datasets to expertly identify and measure third-party risk, integrating people, processes, and technology to tailor solutions to an organisation’s needs.

    BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts.

    Learn more at


    SupplyWisdom is a NeoGroup company.

    NeoGroup, Inc. has been monitoring suppliers and locations around the globe since 1999. At the behest of two of our clients, a financial services company and a pharmaceutical company, we collaborated and co-created a risk monitoring solution. Supply Wisdom was born in 2012 out of this need for an early warning service to help clients detect and prevent disruptions.

    Today, Supply Wisdom equips global enterprises with continuous third-party risk intelligence, real-time risk monitoring, in-depth risk assessments, and health scorecards to minimise the risks of disruption facing all global businesses.

    Black Kite

    Black Kite enables enterprises to monitor their external cyber risk posture and perform nonintrusive cyber risk assessments of their suppliers, subsidiaries and target acquisitions.

    Using easy-to-understand scorecards, we provide standards-based letter grades on various risk categories, along with data on how to mitigate each risk in priority order.

    Learn more at

    BitSight Technologies

    Founded in 2011, BitSight transforms how organisations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct M&A due diligence and assess aggregate risk.

    With over 1,500 global customers and the largest ecosystem of users and information, BitSight is the most widely used Security Ratings Service. For more information, please visit, read their blog or follow @BitSight on Twitter.

    careers at DVV Solutions

    We are always on the lookout for bright new talent. You’ll find a list of current positions below but you are always welcome to submit your current CV and details of your ideal role to us.

    our partners

    We have teamed with world-class thought leaders, industry bodies and technology providers to create best of breed TPRM services and solutions. This enables our Customers to rapidly and seamlessly implement comprehensive TPRM programs with the highest quality of service and support.

    Why choose us?

    We are specialists in Third Party Risk Management with over 20 years of experience in Cyber Security and Governance, Risk & Compliance and a dedicated team of experienced IT Security Assurance Consultants.
    We are a vendor agnostic, managed service provider that is able to focus on delivering a TPRM program built around your specific risk-based, organisational and regulatory requirements.
    We are a Shared Assessments Program member and recognised Assessment Firm with certified IT Security Assurance Consultants able to deliver a comprehensive service based on industry standards and best practice.