Managing the cybersecurity and privacy risk that is associated with third-party service providers is the "new normal" and is found in most modern statutory and regulatory requirements, as well as private-party contracts. The news is littered with stories of incidents and data breaches associated with third-party providers and that always reflects badly on the company that hired the vendor. People remember the name of the company they entrusted their data to, not the name of the outsourced service provider that actually made the mistakes that lead to the incident.
When you "peel back the onion" and prepare for an audit, there is a need to address "the how" for certain topics, such as vendor management. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created several program-level documents to address this need and the Supply Chain Risk Management (SCRM) is one of those products.
ComplianceForge currently offers one (1) product that is specifically designed to assist companies with proactively managing risk associated with third-parties / vendors / suppliers:
The Supply Chain Risk Management (SCRM) is focused on Third-Party Service Providers (TSP) and suppliers. Using vendors or service providers is a common practice - this may range from bookkeeping, to IT support, to janitorial services, to website hosting and even temporary staffing. What all of these outsourced services have in common is that they expose your company to certain levels of risk that could therefore affect your customers' sensitive data. This "soft underbelly" for companies is well known to hackers and identity thieves as a way to get into companies and steal valuable data.
NIST SP 800-161 Rev 1 - Cybersecurity Supply Chain Risk Management Strategy & Implementation Plan (C-SCRM SIP) ComplianceForge developed an editable template for a C-SCRM strategy and implementation plan. This is fully-editable...
ComplianceForge is focused on making the documentation side of the NIST SP 800-171 R3 upgrade as pa...
ComplianceForge is pleased to announce the release of version 2022.3 of the Digital Security Program...
ComplianceForge is pleased to announce the release of a new product: Cybersecurity Supply Chain Risk...
Congratulations to Cybersec Investments for passing its DIBCAC audit to become a CMMC Third-Party As...
