As part of our Assess service line, the Third Party Security Assessment (TPSA) methodology ensures organisations can assess the maturity of third parties, identifying key risks and documenting prioritised recommendations to help manage or mitigate information, cyber or privacy risks.
Whether these are potential acquisitions, a new supplier or within an existing supplier landscape, the TPSA methodology provides a framework to give you visibility across your supply chain.
Identify high level risks, “red flags”, business impacts, providing actionable recommendations
Detailed assessment of third party maturity, identify investment impacts, and associated actions
Ongoing assessment of third parties, measuring change in control effectiveness and identifying trends
Identify end-of-contract activities, validate controls are in place and effective, ensuring data is secured
We work with you to understand your business services and assets, and importantly how you interact with your customers and third parties.
Then, utilising an approach similar to our Cyber Security Posture Review, we measure third party maturity against the National Cyber Security Centre’s 10 Steps to Cyber Security, providing an end-to-end view of control maturity. Through a combination of questionnaires, interviews and follow-ups we assess third party maturity, identifying risks and providing contextualised, actionable recommendations.
This approach ensures you understand the maturity of your third parties, having either agreed remediation plans in place with them, or implementing your own compensating controls.
The Third Party Security Assessment methodology provides a framework against which you can continually assure your third parties. We will work with you to embed this into your business.
