Third Party Security Assessment

As part of our Assess service line, the Third Party Security Assessment (TPSA) methodology ensures organisations can assess the maturity of third parties, identifying key risks and documenting prioritised recommendations to help manage or mitigate information, cyber or privacy risks. 

Whether these are potential acquisitions, a new supplier or within an existing supplier landscape, the TPSA methodology provides a framework to give you visibility across your supply chain.

Initial Due Diligence

Identify high level risks, “red flags”, business impacts, providing actionable recommendations

Detailed Due Diligence

Detailed assessment of third party maturity, identify investment impacts, and associated actions

In-Life Assurance

Ongoing assessment of third parties, measuring change in control effectiveness and identifying trends

Exit

Identify end-of-contract activities, validate controls are in place and effective, ensuring data is secured

Our Approach

We work with you to understand your business services and assets, and importantly how you interact with your customers and third parties.

Then, utilising an approach similar to our Cyber Security Posture Review, we  measure third party maturity against the National Cyber Security Centre’s 10 Steps to Cyber Security,  providing an end-to-end view of control maturity. Through a combination of questionnaires, interviews and follow-ups we assess third party maturity, identifying risks and providing contextualised, actionable recommendations.

Your Benefit

This approach ensures you understand the maturity of your third parties, having either agreed remediation plans in place with them, or implementing your own compensating controls.

The Engagement

The Third Party Security Assessment methodology provides a framework against which you can continually assure your third parties. We will work with you to embed this into your business.

ICA Consultancy provides advisory and consultancy services, and virtual resourcing (Virtual CISO, DPO etc.) engagements, helping organisations identify, manage and mitigate information, cyber and privacy risks.

© All rights reserved