Third Party Risk Management - Consultancy, Assessment & Advisory


Managing Third Party Risk in Retail IT operations and the data supply chain

Your ecosystem of Third Party relationships provides important strategic business advantages. It also exposes you to unpredictable and substantial risk. Data breaches targeting Retailers and their Third Parties dominate the news and boardroom as they offer potentially high value and high profile results for the hackers BUT significant risk of reputational damage, enforcement actions and fines.

In August 2014, PCI published additional guidance on managing Third Party risk and assurance recommending a thorough risk assessment on each Third Party service provider (TPSP) based on an industry-accepted methodology, stating

The use of a TPSP, however, does not relieve the entity of ultimate responsibility for its own PCI DSS compliance, or exempt the entity from accountability and obligation for ensuring that its cardholder data (CHD) and CDE are secure.  Clear policies and procedures should therefore be established between the entity and its TPSP(s) for all applicable security requirements, and proper measures should be developed to manage and report on the requirements. 

A robust and properly implemented third-party assurance program assists an entity in ensuring that the data and systems it entrusts to TPSPs are maintained in a secure and compliant manner. Proper due diligence and risk analysis are critical components in the selection of any TPSP.”

Third Party risk management is no longer optional and PCI-DSS 3.0, GDPR and other regulatory requirements have also put a major emphasis on scaling Third Party risk programs. Securing your data supply chain in Retail operations and managing the risks associated with access to the cardholder network is a major challenge that Retailers of all size are still struggling to tackle.

Addressing the Big Risk from Small Suppliers

Smaller suppliers – usually SMB’s – rarely have the manpower, expertise, or budget to establish and maintain a baseline of security. Third Party risk assessments questionnaires designed for your largest vendors do not take into consideration the very different infrastructure of a small or medium-sized business or the ability to validate and verify the information provided.

But evaluating the risks posed by smaller third-party suppliers doesn’t have to be difficult. DVV Solution can provide innovative solutions based on NIST, SANS and other risk management standards that evaluate internal security controls, including those which represent the most likely avenues for attacks.

Designed with SMB’s in mind, the Small Supplier Risk Assessments delivered by DVV Solutions can be tailored and scaled to meet the variety and complexity of your entire third-party and fourth-party relationships.

Taking the pain out of the Risk Assessment process

With over 15 years’ experience in IT Security, Risk and Assurance DVV Solutions has the technology, process, and people necessary to deliver the highest standard of Third Party risk assessments.

Our SupplierAssess managed service provides robust on-site and remote Third Party risk assessments and real-time supplier threat intelligence that can supplement or substitute your existing third-party risk assessment efforts. SupplierAssess will help you truly understand your Third Party supplier risk, remediate inefficient controls and better protect your organisation

Call today 0161 476 8700

or Submit a Contact Form