Reduce your third-party due diligence backlog

Are you overwhelmed with new IT projects and suppliers? Are you stressed with multiple compliance regimes? Are you getting behind in your due diligence and cyber risk remediation?

Maintain vigilance over your changing business and technology environment, ensure vulnerabilities are managed and addressed, and build trust in your brand and services.

  • Company (entity) due diligence and financial due diligence.
  • Service quality assessment (functional and non-functional).
  • Cyber Security risk and control assessment.
  • Contract review.

Keep up with change

100% confidence in supplier due diligence.

Supplement your team 

Skilled and experienced TPRM specialists

Confidently understand your supply chain risk and control environment.

Company (entity) due diligence

  • Conduct proprietary due diligence and financial due diligence assessment. No more surprises at contract stage.
  • Review publicly available information, without relying on referrals from others, or standard responses.

Cyber security risk and control assessment (tailored to risk)

  • Conduct Vendor Inherent Risk Assessment (VIRA). Develop a risk-based approach up front.
  • Review Security Rating Service scan / questionnaire, without relying on an external one-size-fits-all approach.
  • Engage with vendor to obtain additional information, without dedicating the internal team to follow up.
  • Conduct ISO 27001 or NIST CSF Security Assessment, without subjective difference between team members.
  • Review SOC 2 or other independent audit reports, without assuming all controls are covered or effective.
  • Report on findings and recommendations. Obtain an independent expert assessment.

Service quality assessment (functional and non-functional)

  • Conduct ISO 9126 service quality assessment, without relying on an incomplete set of internally developed controls.

Contract Review

  • Review and mark up vendor or customer contract, without dedicating expensive legal resources.
  • Provide any required cyber security contract language. Use a standard library of clauses aligned to cyber control objectives.

Uplift your third-party risk management capacity and gain confidence in your supplier due diligence, without relying only on industry scores, or worrying about not having the necessary skills or resources.

Our Approach

  • Vendor Inherent Risk Assessment (VIRA)
  • Security Rating Service recommendations
  • Vendor Questionnaire Engagement
  • Company (Entity) Assessment
  • ISO 9126 Service Quality Assessment
  • ISO 27001 or NIST CSF Assessment
  • Report on Findings and Recommendations
  • Contract Review and Markup

Key Benefits

  • Reduce the backlog of unmanaged risks
  • Free up in-house teams to focus on strategic cyber priorities
  • High-volume, low-cost burst capability or a fixed price for bulk assessments
  • Supplement generic supply scoring using platforms
  • Confidence in using certified industry experts

Find out how we can help reduce your supplier due diligence backlog

Book a 30-minute discussion where we’ll learn more about your third-party risk management challenges, and show how we can help both increase rigour and reduce your backlog.


A third-party risk and cyber security assessment should be conducted for all suppliers and for any Software-as-a-Service procured. For digital leaders, distributed organisations, and organisations moving to the cloud, the workload may be unmanageable, requiring external help and tools. We provide relief, giving you the full picture of your supply chain risk, thoroughly examining each supplier’s security practices and capabilities – and your associated risk.

David Vohradsky, CEO