Strategic Consulting

Cloud/Service Provider Assessment

A supply chain is only as strong as its weakest link.  Too often, organizations fail to ensure their service providers meet security and compliance requirements to the same level required internally. Service providers who do not or cannot demonstrate that they meet the same security requirements as your organization pose a threat to  critical and sensitive information and systems and data, and their security can increase the reputational, financial, and regulatory risk to your organization. Service providers need to be held to a high standard, and need to ensure that suitable and effective security controls extend to downstream service providers and related ecosystems.

AppSec Consulting can assist in validating existing service provider agreements, policies, and procedures to determine if they’re adequate to protect your organization’s critical systems and data. The next step is to assess the security controls of your service providers, and ensure proper protection of your organization’s information assets in the service provider’s custody or under their control.  Our service offering ranges from preparing honor-system based supplier surveys that the organization can use to performing onsite technical reviews and penetration tests.  Our goal is to determine the best approach and methodology for each engagement, using a risk-based approach while carefully considering budgetary and resource constraints.  This approach allows AppSec Consulting to deliver comprehensive reporting that identifies system weaknesses and vulnerabilities that threaten the security of the service provider environment and provide actionable remediation recommendations.

Our Approach

  1. Confirm the scope of engagement and identify goals and objectives.
  2. Review contractual obligations, industry and regulatory standards, organizational policies and procedures, and service level agreements related to the assessment.
  3. Assess organization’s procedures related to third party and vendor management program , such as onboarding, continuous monitoring, and separation process
  4. Enumerate all service provider requirements for the engagement.
  5. Assess service provider security controls to identify gaps in requirements and determine suitability and operational effectiveness of controls.
  6. Prepare a custom report that details findings and includes remediation recommendation.

The AppSec Consulting Difference

  • You're guaranteed to be assigned a consultant with the experience, expertise, and industry knowledge to perform the Supplier Risk Assessment.
  • AppSec Consulting will help identify industry-specific, legal, and regulatory requirements that need to be addressed in the Risk Assessment.
  • Our approach differentiates us from the competition – we know each supplier risk assessment has unique goals and objectives based on multiple factors.
  • We’ll help you identify weaknesses and vulnerabilities within your service provider community that threaten you or your customers’ systems and assets.    

What You Get

  1. A custom written Service Provider Risk Assessment Report focused on issues important to your organization.
  2. Peace of mind knowing the level of security maintained by your Service Providers.
  3. An independent third party assessment of your Service Providers based on the of compliance and regulatory frameworks appropriate to your organization.
  4. An outside the box approach based on common sense and your objectives.
© Copyright 2017 AppSec Consulting, All Rights Reserved