As security-aware organizations, we invest a considerable amount of time, resources and money in protecting ourselves from external, malicious threat actors. There are many ways in which a threat can undermine these investments, and it is a method that is becoming increasingly common and effective: exploiting third parties.
As an organization that is undoubtedly part of a wider supply-chain and network of partners and subsidiaries, you are only as strong as the weakest link in that chain—especially if network access and sharing of information is commonplace.
Third-Party Assurance is SubRosa’s services-based offering and is compiled of the assessment, management and safeguarding of your organization’s third parties. Typically, such organization’s include suppliers, partners, acquisitions and clients.
Third-Party Due Diligence
Service Overview
Designed for pre-engagement organizations, including mergers, acquisitions and new vendors
Assess the full security and risk program of the organization
Incur little-to-no cost of assessing new mergers (and in some cases new vendors)
Expected Results
Better understand the risk and security posture of a new acquisition and vendor
Potential grounds for leverage in the negotiation of acquiring a new partner, vendor or merger
Vendor Risk Management
Service Overview
Suitable for existing suppliers
Assesses the security risk of the whole supply-chain
Profiles, organizes and categorizes suppliers based on their risk to your organization
Expected Results
Align your suppliers with your organization’s security posture and mission
Improved overall enterprise risk management
Client Assurance
Service Overview
Respond to your client security Requests for Information (RFI)
Leverage SubRosa’s security expertise to provide deep, technical responses when needed
Engage SubRosa in client meetings to provide in-person expertise
Expected Results
Improve the timeliness and accuracy of your client responses
Become more competitive during your client’s acquisition and continuous monitoring of their suppliers
Service Models
Outsourced
Leverage SubRosa’s full domain expertise to assess your third-party information security risk
All activities covered under a monthly retainer fee
Program is designed, run and executed by SubRosa
SLAs on all assessments and reporting
One-week notice to travel onsite
Remote, and physical onsite assessments included
Included governance, risk and compliance software support
Option for client-owned, custom framework production
Client-Managed
Leverage SubRosa’s domain expertise when needed
Assessment and reporting on an as-needed basis, per client requests
No upfront or retainer costs
No service level agreements (SLAs) on assessments and reporting
Optional governance, risk and compliance software support
Four weeks’ notice to travel onsite
All frameworks, tools and methods remain the property of SubRosa