Third-Party Risk Management & Vendor Assessment Services

Are you ready for the 23 NYCRR 500: NYDFS Deadline coming on March 1, 2019? Simplify Your Business. Secure Your Partners.

Regulatory requirements such as HIPAA, GDPR, GLBA, ISO 27001, NIST 800-53, and numerous other standards require a risk-based third-party management program to protect the data shared with service providers and vendors.

Protect your customers, incorporate appropriate security standards as part of your contracts, and assess your future partners’ ability to keep information secure. HALOCK can help build and manage a specific program for your environment.

VENDOR SECURITY ASSESSMENTS

HALOCK can integrate with your team to help assess your vendor’s control environment for compliance with privacy and security requirements, report assessment results, and present recommendations for high-risk services to remediate potential exposure of data and security breaches.

HALOCK has Strong Knowledge of:

  • Regulatory standards that govern Information Security practices such as HIPAA, PCI, GLBA, and state and federal privacy laws.
  • Information Security Risk assessment and analysis methodologies (FFIEC, NIST, etc.).
  • Information security standards (ISO 27000 series, NIST, etc.).

  • Familiarity with Supplier Management GRC systems
  • Pool of Qualified Security Assessors
  • Ability to develop executive reports and deliver presentations to executives

THIRD PARTY PROGRAM ASSESSMENTS

HALOCK maps the current vendor management processes to industry standards and proven risk management frameworks. Though HALOCK evaluates the program against the highest maturity model, the goal of the assessment is to develop a portfolio of reasonable recommendations and controls that align heightened standards with the organization's mission and compliance requirements. Working with risk management stakeholders, the assessment focuses on:

  • Roles and responsibilities within the risk management program
  • Workflow reviews of vendor onboarding, oversight and termination
  • Organization's approach to assigning the inherent risk of third-party relations
  • Vendor risk tier definitions
  • Vendor assessment process
  • Personnel skillsets
  • Current policies and framework

THIRD-PARTY RISK MANAGEMENT WORKFLOW

HOW DO YOU ALIGN TO A MATURE INDUSTRY STANDARD THIRD-PARTY RISK MANAGEMENT PROGRAM?

DELIVERABLES & ARTIFACTS

CONTRACTUAL SECURITY LANGUAGE
PROGRAM FLOW CHARTS
INHERENT RISK CRITERIA
VENDOR RISK ANALYST CRITERIA
PRE-ASSESSMENT SCOPING WORKSHEETS
VENDOR ASSESSMENT PLANNING
SECURITY QUESTIONNAIRES
DOCUMENT REQUEST LIST

INHERENT RISK ASSESSMENT
