What is Third Party Assurance?

Build trust with your third parties to enable and fuel long-term relationships that lead to growth and partnership.

As security-aware organizations, we invest a considerable amount of time, resources and money in protecting ourselves from external, malicious threat actors. There are many ways in which a threat can undermine these investments, and one method is becoming increasingly common and effective: exploiting third parties.

As an organization that is undoubtedly part of a wider supply chain and network of partners and subsidiaries, you are only as strong as the weakest link in that chain, especially if network access and sharing of information are commonplace.

Third Party Assurance is SubRosa Cyber Solutions’ services-based offering, comprising the assessment, management and safeguarding of your organization’s third parties. Typically, such organizations include suppliers, partners, acquisitions and clients.

Third-Party Due Diligence

Merging with or acquiring another business can be a rewarding, yet risky endeavor. Ensuring that the entity you are acquiring has been forthright about its risks and liabilities should not be taken lightly. SubRosa Cyber Solutions' third-party due diligence services ensure that before a deal is completed, you know the exact cybersecurity risks you face as an acquiring entity.

Service Overview

  • Designed for pre-engagement organizations, including mergers, acquisitions and new vendors
  • Assess the full security and risk program of the organization
  • Incur little-to-no cost of assessing new mergers (and in some cases new vendors)

Expected Results

  • Better understand the risk and security posture of a new acquisition and vendor

  • Potential grounds for leverage in the negotiation of acquiring a new partner, vendor or merger

Vendor Risk Management

Supply-chain breaches are among the most common and potentially impactful forms of cyber-attack. Managing vendor risk is no longer a task that should be limited to just the large enterprise; companies of all sizes should be aware of their supply-chain cyber risk.

Service Overview

  • Suitable for existing suppliers to your organization
  • Assesses the security risk of your entire supply-chain
  • Profiles, organizes and categorizes suppliers based on their risk to your organization

Expected Results

  • Align your suppliers with your organization’s security posture and mission

  • Improved overall enterprise risk management

Client Assurance

Navigating a complex regulatory environment while running a business can be burdensome, especially for a small business. Combined with the ever-growing demand from one's clients to maintain cybersecurity prowess, a company can quickly experience operational impact in trying to keep up with all the requirements.

Service Overview

  • Respond to your client security Requests for Information (RFI)
  • Leverage SubRosa’s security expertise to provide deep, technical responses when needed
  • Engage SubRosa in client meetings to provide in-person expertise

Expected Results

  • Improve the timeliness and accuracy of your client responses

  • Become more competitive during your client’s acquisition and continuous monitoring of their suppliers

Service Models

Outsourced

  • Leverage SubRosa’s full domain expertise to assess your third-party information security risk

  • All activities covered under a monthly retainer fee

  • Program is designed, run and executed by SubRosa

  • SLAs on all assessments and reporting

  • One-week notice to travel onsite

  • Remote and physical onsite assessments included

  • Included governance, risk and compliance software support

  • Option for client-owned, custom framework production

Client-Managed

  • Leverage SubRosa’s domain expertise when needed

  • Assessment and reporting on an as-needed basis, per client requests

  • No upfront or retainer costs

  • No service level agreements (SLAs) on assessments and reporting

  • Optional governance, risk and compliance software support

  • Four weeks’ notice to travel onsite

  • All frameworks, tools and methods remain the property of SubRosa Cyber Solutions
