
25 November 2021

Developing Third Party Risk Management for Information Security

When it comes to third party information security risk management, how do you ensure that the third parties engaged to do work for your organisation preserve the confidentiality, integrity, and availability of your information?

Often their “work” could include access to your organisation's data, intellectual property, financials, operations, or other sensitive information.

Here are three reasons why cyber security must be a key consideration when collaborating with suppliers and partners:

  1. Over time it is likely you will increase the number of external touchpoints in your organisation, so if any of these “touchpoints” are compromised, you are at risk
  2. Third parties may be targeted as a route into your organisation; alternatively, you may be targeted as a way into a third party
  3. At times you may be sharing sensitive or valuable data or information which you expect your suppliers to protect

Some examples of the steps you can take to make improvements in this third-party risk area include:

  • Identifying and categorising your third parties based on agreed criteria
  • Identifying and classifying the information to be used by or shared with third parties
  • Determining the level of due diligence you will apply upfront and ongoing to each of your third party categories
  • Investigating whether any of those third parties have had an information security incident, and so on

It is well worth getting this aspect of your IT and business operations in hand. In doing so, you will help to protect your business from a range of possible reputational, regulatory, financial and legal issues.

Being able to demonstrate a good level of cyber security is increasingly a key component of supplier and provider contracts. To read about how we can assist you to conduct a comprehensive third party information security risk review, click here.

IT Policy System Version 21 released

An upgrade to Version 21 of the IT Policy System is available now. All customers with current maintenance in place will have received details of the steps required to upgrade in the last few days.

Version 21 incorporates the following enhancements and changes:

  • Statements and mappings to reflect the recent changes in the ASD Essential 8 mitigation strategies
  • Ability to edit policy review dates and “approved by” fields
  • Policy review schedule – new report to track review dates
  • New statement added to the Network Management policy under the new sub-heading of Protective Monitoring
  • Additional (new) ASD documentation in the guidelines section

Time to consider Policy Management as a Service?

Since the release of Policy Management as a Service (PMaaS), we have migrated several customers from their on-premise Policy Systems to either the Essentials or Premium versions of PMaaS. As organisations are increasingly adopting cloud-based delivery of applications, a move to PMaaS is a very easy step.

A migration can be completed by our team in as little as 48 hours with all existing customer policy and mapping content made visible in PMaaS.

Feedback on the new functionality so far has been positive. Click here to view more details.

We would encourage all customers of the Policy System (on-premise version) to book in a 20 minute demonstration of Policy Management as a Service. Contact us today!
