Increasingly, organisations are using third parties in order to meet their business goals. These third parties can play various roles in the supply chain, from the provision of products through to the delivery of information technology services.
Any breach of a contracted third party’s systems has serious impacts on the operational, legal and reputational standing of the contracting organisation. Countries including Australia and New Zealand continue to tighten their regulations, with stiffer penalties for information security and privacy breaches.
Enterprise risk frameworks that encompass third party information security risk, and overall best practice in line with internal policy and international standards such as ISO31000 and ISO27005, are important in complying with the regulatory requirements and overall management of third party information security risk.
It is therefore critical that organisations regularly review their risk profile as associated with the use of these external parties, who handle customer information, financials, Personally Identifiable Information (PII), and Protected Health Information (PHI). Key to this is to identify, assess, mitigate, and continuously monitor third party information security risk in line with the enterprise-wide risk framework.
The Kaon Security team have the capability to assist organisations with a comprehensive Third Party Information Security Risk Review.
The Third Party Information Security Risk Review:
The Third Party Information Security Risk Review report includes the following: