Performing effective supplier due diligence and IT security assessments is a critical aspect of your Third-Party Risk Management (TPRM) program. But it’s expensive, time-consuming, and often painful… for both your organisation, as well as each supplier.
SupplierAssess is a Third Party Risk Managed Service that allows you to simplify and improve your existing TPRM program by leveraging DVV Solutions’ expertise in performing and analysing Third Party risk.
The subscription-based service uses industry best practices to enable you to scale your TPRM program without the need for additional staff or resources. DVV Solutions provide the technology, process and people necessary to efficiently understand supplier risk, help you remediate inefficient controls and better protect your organisation from Third-Party risks.
Streamlined Assessments – the intelligence to assess mission-critical suppliers in greater detail and within shorter timescales
Enhanced Capability – the processes, resource and skills to better quantify supplier risk and manage greater volumes of detailed supplier risk assessments
Independent, Professional Verification – the reporting of your entire Third-Party estate by CTPRP-accredited IT Security Assurance Consultants – especially critical for highly regulated industries
Improved Scalability – the flexibility to manage more suppliers and assessments with greater efficiency so you can spend more time on the critical task of risk management
SupplierAssess also enables you to ensure your TPRM program meet existing and emerging requirements from global regulations such as:
UK Data Protection Act & EU GDPR,
EU Digital Operational Resilience Act (DORA),
ESMA Guidelines on Outsourcing to Cloud Service Providers,
Bank of England / PRA Operational Resilience, Outsourcing and Third Party Risk Management,
European Banking Authority Guidelines on Outsourcing Arrangements, and
Monetary Authority of Singapore’s Technology Risk Management (TRM) Guidelines
Expert risk assessment support from a dedicated, CTPRP certified IT Security Assurance Consultant who understand your business requirements
Ranking of suppliers and risk factors, collection of assessments and evidence for each Third Party supplier
Continuous monitoring from that provides supplemental data points about a supplier’s threat landscape
Supplier Assessment Dashboard and Annual Report that include findings and mitigation recommendations
Better understand the risks of potential breaches and data loss from your suppliers
Reduce the time and cost associated with existing manual process and infrastructure
Standardise your processes and metrics for greater efficiency
Significantly improve time-to-complete and response rates for supplier questionnaires
Increase flexibility to scale your Third Party risk assessment process
Measure and report on improvements over time
Develop a more responsive and efficient Third Party Risk Management program for your orgnsiation
We understand your risk appetite, security objectives and compliance requirements
We collect supplier questionnaires, supporting evidence and onsite assessments
We provide detailed risk analysis, reports and recommendations on information accumulated, industry intelligence and contextual risk environment
We work with you and suppliers to implement remediative measures and process improvements
We provide continuous threat intelligence between annual assessments
Robust TPRM Delivered To Your Desk
Your dedicated certified IT Security Assurance Consultant performs detailed analysis based on all the data and evidence gathered and will then present and consult on the identified risks, remediation and mitigation.
SupplierAssess can work with your existing processes and automation tooling or take advantage of our best-of-breed solutions to create a comprehensive and robust managed-service of supplier risk assessment, security rating and continuous monitoring.
SupplierAssess is built upon the Shared Assessments Program processes and practices, including Standardised Information Gathering (SIG) questionnaires and Standardised Control Assessments (SCA) for onsite verification, to ensure your TPRM program is delivered to industry-standards.
We are specialists in Third Party Risk Management with over 20 years of experience in Cyber Security and Governance, Risk & Compliance and a dedicated team of experienced IT Security Assurance Consultants.
We are a vendor agnostic, managed service provider that is able to focus on delivering a TPRM program built around your specific risk-based, organisational and regulatory requirements.
We are a Shared Assessments Program member and recognised Assessment Firm with certified IT Security Assurance Consultants able to deliver a comprehensive service based on industry standards and best practice.