CRMG Third Party Risk Management in practice — energy
A regional energy company, whose wide range of suppliers varied in cyber security maturity, was concerned about potential cyber exposure via supplier relationships.
CRMG worked with the client to categorise suppliers based on the business criticality of the relationship, and applied the Third Party Risk Management approach to implement a simple triage process that determines the extent to which individual suppliers should be subjected to cyber security scrutiny.
This enabled the organisation to apply a ‘light touch’ to less critical suppliers and greater rigour to those that presented increased cyber risk.
A process for monitoring the ongoing cyber risk status of existing suppliers was implemented, and CRMG trained information security, procurement and legal personnel to apply the new vendor assurance process.
The result — the company reduced costs while lowering cyber risk overall. The new process focuses on minimising supplier-introduced risk while reducing the admin overhead for less critical suppliers.