Third Party Risk Management - Consultancy, Assessment & Advisory

Supplier Risk Manager

Streamlining the Supplier Risk Assessment process with Effective Workflow Automation

You have hundreds – maybe thousands – of Third Party suppliers, and some of them have custody of your sensitive data. Some may even have access to your network. For those suppliers, their security weaknesses are your weaknesses. Do you know how they are protecting YOUR data?

Supplier Risk Manager is a Third Party Risk Management and Assessment “Software as a Service” (SaaS). It simplifies and automates many of the tasks associated with the Supplier Risk Management and Assessment process, including evidence collection, evidence risk analysis, email notifications, and scheduling. Supplier Risk Manager offers security, compliance, and risk management professionals a platform to manage and automate the supplier risk assessment process.

Supplier Risk Manager enables organisations to evaluate suppliers based on supplier tiers determined by their importance or potential risk to the organisation.

Supplier Risk Manager also includes the creation of a standard tier structure for the organisation, a standardised assessment workflow, Shared Assessments content, evidence collection, risk scoring, and reporting.

Why Customers choose Supplier Risk Manager

  • Simplification – enables greater efficiency in the management of a high volume of supplier risk assessments
  • Automation – creates a standardised, consistent process for assessments and risk management managed through a simple user interface
  • Scalability – increases the number of supplier risk assessments your organisation manages and improves response rates from suppliers with the same or fewer resources
  • Compliance – establishes best-practice processes and assessments to meet industry and regulatory requirements

Industry standard content from Shared Assessments

Supplier Risk Manager uses licensed Shared Assessments Standardised Information Gathering (SIG and SIG Lite) questionnaires. The Shared Assessments Program was created by leading financial institutions, the “Big Four” accounting firms, and key suppliers to inject standardisation, consistency, speed, efficiency and cost savings into the Third Party risk assessment process.

Integrate Technical Monitoring

Trust, but verify your suppliers’ security controls with Technical Monitoring integrations. Using a secure integration model, your suppliers can now provide evidence directly into your assessments from the security technologies they use to secure your data. Current integrations include Veracode and HP Fortify on Demand.

Key Features and Benefits

  • Simplifies and automates Supplier Risk Assessment and program management
  • Organises relevant supplier risk information in a single location
  • Tiers suppliers based on data risk and organisational importance
  • Leverages Shared Assessments SIG content for controls-based assessment
  • Evaluates risk across multiple evidence sources
  • Creates risk scoring per supplier against your standard
  • Schedules regular supplier risk assessments based on your requirements
  • Easy-to-use wizards for creating new suppliers and relationships
  • Leverages Variable Scoping to assess supplier, software, and/or service types within a single assessment
  • DirectLink or manual upload of application security reports offers suppliers options based on their application security program
  • Open architecture allows two-way integration of supplier risk assessment and risk information with your existing GRC system data

Why choose us?

We are specialists in Third Party Risk Management with over 18 years of experience in Cyber Security and Governance, Risk & Compliance.
We are a Shared Assessments program member and recognised Assessment Firm with CTPRP-certified IT Security Assurance Consultants.
We are focused on delivering a Third Party Risk Management program that secures your data supply chain and enhances your IT security posture.