Overview
Resilient IT/OT/ET security depends on a trusted and secure supply chain. We help organizations implement consistent third-party assurance and integrate security requirements from procurement through to ongoing vendor management.
Approach
Embedded Practices
- Review where supplier management is currently addressed in business processes such as Procurement, the Enterprise Architecture Review Board, and others.
- Review procurement and contractual requirements placed on suppliers and subcontractors, including obligations, escalation paths, and penalties.
Services & Outcomes
Supplier Assurance Program
- Build and maintain a register of primary contractors and subcontractors, covering SOC 2 Type II reviews and other ongoing assessments, aligned with contractual agreements.
Contractual Security Controls
- Develop checklists and templates for including security requirements and clauses in RFPs, MSAs, and SOWs.
- Create new, or update existing, procurement language for RFPs, MSAs, and SOWs to help organizations engage suppliers in compliance with CMMC (U.S.) and CPCSC (Canada).
Vendor Security Patterns
- Create, or recommend updates to, architectural patterns for vendor remote access, secure file sharing, and logical and physical access controls applied to third-party service providers.