Third Party and Supplier Risk Management

Control the cyber risk associated with critical third-party relationships.

Third Party Risk Management.

CRMG’s Third Party Risk Management service uses a triage approach to accurately identify the cyber risk implications of working with third parties (most often suppliers, but the logic can apply to any partner or third party organisation), based on the specific product or service offered, the data sharing required, and the contract terms.

Our approach provides a clear picture of cyber security control gaps, indicating the level of risk they pose, and provides you with recommendations for remediation, directing you to apply appropriately rigorous measures.

The result — all the data you need to make informed decisions on onboarding new third parties, renegotiating current supply contracts, and terminating high-risk relationships.

How it works:

CRMG employs a four-stage process to help you quickly and effectively gather information, identify risk and manage new and current relationships.

  1. Initial Assessment – we use a triage technique to identify all factors which impact the risk profile of a product or service to be procured, including data transfer and storage, payment handling, hosting infrastructure, and more.
  2. Third Party Assessment – we produce a tailored supplier questionnaire for each vendor which aligns with your chosen security standard (ISO, NIST, custom), and explores an appropriate level of detail based on business risk. Where required, we can also review Open Source Intelligence (OSINT) to add further context to the risk picture.
  3. Assessment Report – you receive tailored reports for each third party which highlight the level of cyber risk exposure, the control gaps which need to be addressed, and the specific cyber security measures which will be most effective.
  4. Input to Procurement/Legal – using the output reports, you’ll be able to negotiate vendor contracts that reflect the inherent cyber risk of each individual third party relationship.

Conduct deep-dive tailored assessments into your most critical relationships.

Assess third party cyber risk quickly, accurately and efficiently.

Evaluate existing arrangements and prioritise necessary changes.

Focus your resources on relationships posing the greatest risk.

Create tailored supplier questionnaires based on your chosen security standard.

Embed a third party cyber risk assurance process that fits current and future needs.

Meet Our Leadership Team.

At CRMG, our senior leadership team brings a rich history and deep expertise in cyber security. Spearheaded by consultants who are influential figures in the industry, our leaders are highly networked and well-established, with backgrounds in the ‘Big Four’ firms.

Simon Rycroft

CO-FOUNDER AND CEO

Former Head of Consulting at the ISF. On a journey to bring accessible risk management to growing enterprises.

Nick Frost

CO-FOUNDER AND CHIEF PRODUCT OFFICER

Former Group Head of Information Risk, PwC. Motivated by the need to implement cyber risk principles for the real world!

Dan Rycroft

DELIVERY DIRECTOR

Former Head of Delivery, Cyber Security at DXC. Delivers risk-based cyber security programmes with maximum efficiency.

Matt Brett

DELIVERY LEAD – CYBER RISK SOLUTIONS

Former Portfolio Director, Tech Security & Risk, GSK. Specialises in implementing efficient, pragmatic cyber risk solutions.

Martin Tully

DELIVERY LEAD – GOVERNANCE AND COMPLIANCE

Twenty years’ experience in delivering fit-for-purpose cyber governance initiatives.

Louis Head

CONSULTANT – GOVERNANCE AND COMPLIANCE

An expert in everything ISMS-related, and how compliance works in practice.

Guy Asch

COMMERCIAL DIRECTOR

A seasoned Commercial Director, driving P&L business leadership through innovative strategies.

Ryan Hides

DELIVERY LEAD – THIRD PARTY RISK MANAGEMENT

Project Management and Six Sigma expertise. Specialises in turning effective third party risk management into a scalable reality.

Sarrah Ahmed

HEAD OF MARKETING

Bringing 17+ years of marketing expertise, passionate about crafting innovative marketing campaigns.