What is Third Party Assurance?

Build trust with your third parties to enable and fuel long-term relationships that lead to growth and partnership.


As security-aware organizations, we invest a considerable amount of time, resources and money in protecting ourselves from external, malicious threat actors. There are many ways in which a threat actor can undermine these investments, and one method is becoming increasingly common and effective: exploiting third parties.

As an organization that is undoubtedly part of a wider supply chain and network of partners and subsidiaries, you are only as strong as the weakest link in that chain, especially if network access and sharing of information are commonplace.

Third Party Assurance is SubRosa’s services-based offering, comprising the assessment, management and safeguarding of your organization’s third parties. Typically, such organizations include suppliers, partners, acquisitions and clients.


Vendor Risk Management

Assess your entire supply chain for cybersecurity risk, benchmark and profile suppliers, and hold them accountable for their cybersecurity programs. Enhance your corporate security posture and increase business resiliency through a security-conscious supply chain.

Third-Party Due Diligence

Assess acquisitions and new suppliers for cybersecurity risk, and include contract language to support cybersecurity requirements. Make security-driven purchasing decisions, reduce risk, and lower acquisition costs.

Client Assurance

Respond to client RFIs promptly and professionally with SubRosa’s expertise. Stand out by providing security-conscious responses and save time and labor by delegating RFI responses to SubRosa.

Service Models

  • Leverage SubRosa’s full domain expertise to assess your third-party information security risk
  • All activities covered under a monthly retainer fee
  • Program is designed, run and executed by SubRosa
  • SLAs on all assessments and reporting
  • One-week notice to travel onsite
  • Remote and physical onsite assessments included
  • Included governance, risk and compliance software support
  • Option for client-owned, custom framework production

  • Leverage SubRosa’s domain expertise when needed
  • Assessment and reporting on an as-needed basis, per client requests
  • No upfront or retainer costs
  • No service level agreements (SLAs) on assessments and reporting
  • Optional governance, risk and compliance software support
  • Four weeks’ notice to travel onsite
  • All frameworks, tools and methods remain the property of SubRosa