A robust third-party assurance programme allows your organisation to ensure the data and systems it entrusts to its providers are maintained in a secure and compliant manner.
Proper due diligence and risk analysis are critical components delivering the assurance programme. The programme should become an integral part of contract management. Due diligence should focus on the thorough vetting of organisations, prior to establishing or continuing a relationship.
How we can help:
Design and develop written third-party agreements, policies and procedures to promote consistency and mutual understanding between the business and service provider.
Conduct audits across the business to review, identify and assess known and unknown risks, including site visits, physical security reviews and provide an assurance opinion.
Design, develop and maintain the monitoring regime of the service provider and its compliance to business policies and legislation.
Design and implementation of processes and procedures for a Control Risk Self Assessment compliance regime.