Third-Party Risk Management & Vendor Assessment Services
Regulatory requirements such as HIPAA, GDPR, GLBA, ISO 27001, NIST 800-53, and numerous other standards require a risk-based third-party management program to protect the data shared with service providers and vendors.
Protect your customers, incorporate appropriate security standards as part of your contracts and assess your future partners’ abiity to keep information secure. HALOCK can help build and manage a specific program for your environment.
VENDOR SECURITY ASSESSMENTS
HALOCK can integrate with your team to help assess your vendor’s control environment for compliance with privacy and security requirements, reporting assessment results and presenting recommendation for high-risk services to remediate potential exposure of data and security breaches.
HALOCK has Strong Knowledge of:
- Regulatory standards that govern Information Security practices such as HIPAA, PCI, GLBA, and state and federal privacy laws.
- Information Security Risk assessment and analysis methodologies (FFIEC, NIST, etc.).
- Information security standards (ISO 27000 series, NIST, etc.).
Familiarity with Supplier Management GRC systems
Pool of Qualified Security Assessors
Ability to develop executive reports and deliver presentation to executives
THIRD PARTY PROGRAM ASSESSMENTS
HALOCK maps the current vendor management processes to industry standards and proven risk management frameworks. Though HALOCK evaluates the program to the highest maturity model the goal of the assessment is to develop a portfolio of reasonable recommendations, and controls, to align heightened standards with the organization mission and compliances requirements. Working with risk management stakeholders the assessment focuses on:
- Roles and responsibilities within the risk management program
- Workflow reviews of vendor onboarding, oversight and termination.
- Organizations approach to assigning the inherent risk of third-party relations
- Vendor risk tiers definitions
- Vendor assessment process
- Personnel skillsets
- Current policies and framework
DELIVERABLES & ARTIFACTS
CONTRACTUAL SECURITY LANGUAGE
PROGRAM FLOW CHARTS
INHERENT RISK CRITERIA
VENDOR RISK ANALYST CRITERIA
PRE-ASSESSMENT SCOPING WORKSHEETS
VENDOR ASSESSMENT PLANNING
DOCUMENT REQUEST LIST