supplier risk management and supplier due diligence?
As we process more and more information, whether client, financial, product or HR data, we find ourselves increasingly dependent upon suppliers and other third parties. Such parties may have direct or indirect access to our organisation’s information and information systems, or may provide the software, hardware, processes or human resources involved in processing that information.
So, when you assess the security and privacy of your information, you need to fully assess the risks posed by suppliers and other third parties. As the adage goes, ‘you are only as strong as your weakest link’, and suppliers may well be your weakest link.
As such, supplier due diligence is a paramount part of risk management: it is how you confirm that your suppliers have the required and appropriate measures in place for information security, privacy and data protection. One of the key challenges in conducting supplier due diligence, however, is ensuring that your assessment (often in the form of a questionnaire) is tailored to the role of that supplier or third party and to the information they have access to.
Many organisations use the same questionnaire for every supplier. The result is a questionnaire that is overkill for low-risk suppliers (e.g. suppliers of office stationery) and not detailed enough for a high-risk supplier or partner (e.g. a new hosting provider).
Supplier risk management software can help organisations automate due diligence and monitoring tasks and centralise risk management in one place.
In addition, risk management processes can be streamlined and made significantly more efficient, particularly for repetitive and time-consuming administrative tasks. Reporting is another area where risk management software can dramatically reduce the time and effort involved.