Third Party Security Assurance

Third Party Assurance – A new dawn

Historically, Third Party Assurance meant evaluating the financial resilience of an organisation to determine whether they were viable enough to deliver what you needed. Today, the Third-Party Assurance landscape has moved on significantly. Like the expanding Universe, Third Party Assurance regulation, legislation and requirements seem to be accelerating. Anti-money laundering, Bribery and Corruption, Modern Slavery, …


Third Party Assurance gets new baseball bat

This initial investigation was triggered by guidance released by the ICO in the UK, which insists that processors must grant audit and inspection rights to their controllers in their contractual terms. In the GDPR, Article 28.3.h states: That contract or other legal act shall stipulate, in particular, that the processor: makes available …


Third Party Security Assurance Questions – Part 2

We left off last time out on Risk Treatment. The previous post is here. So following up using ISO 27001 as a base for our questions, the next section would be Performance Evaluation. Performance Evaluation In ISO 27001 speak, this is the monitoring of your security controls. You can understand a lot about the maturity …


How not to create a Maturity Model for Third Parties

The US Department of Defense recently released version 0.4 of its CyberSecurity Maturity Model Certification (CMMC). This is supposed to make third parties more accountable for their security controls to the DoD for the sensitive information they handle. If you cannot follow the link, it is because you are not in the US. They have …


Third Party Security Assurance Questions

Third Party Security Assurance has made a pretty poor name for itself. This is due to many organisations paying lip-service to the requirement and not implementing it properly. Many organisations view Third Party Security Assurance as the need to send your supplier a questionnaire with some security questions on it, and when (or even IF) …


Third Party Assurance – your weakest link

Organisations spend considerable sums of money to protect themselves against the cyber risks that they see in front of them. Unfortunately, you can’t manage what you can’t see. This has been the problem with third party assurance for a significant length of time. Historically, data was fairly immobile with mainframes and the lack of an …
