Organisations engage with a broad range of Third Parties to help manage their business functions or operations. In doing so, they may need to share a range of information or grant Third Parties direct (or indirect) access to the organisation's IT infrastructure and therefore its data.
Despite the rise in security incidents attributed to Third Parties, especially in areas of managed services or other IT outsourcing, many organisations do not have a robust process in place to manage risks associated with outsourced ICT services.
The risk management program should account for the following risks:
The system must include the following key elements:
Due diligence in Third Party selection, particularly when:
- Sensitive information is / will be shared with a third party
- The product/service purchased is business critical and disruption to its delivery is unacceptable.
Addressing security within supplier agreements: Supplier agreements should be established and documented to ensure that there is no misunderstanding regarding both parties' obligations to fulfill relevant information security requirements.
Monitoring and review of supplier services: Ongoing monitoring and regular reviews of supplier services should be conducted. In particular, businesses should ensure that information security requirements are being closely followed and that any information security incidents are reported and properly managed according to agreed procedures.
How eHealth ISPS can help
eHealth ISPS has a strong background in handling all aspects of third party vendor management including: program initiation, comprehensive risk assessments, controls and monitoring techniques.
Our supplier security risk management managed services offer a collaborative and customized approach that enables your organization to effectively assess, monitor and evaluate your third-party relationships.
CONTACT US TODAY and see how we can help you.
© 2018 eHealth Information Security and Privacy Services (ISPS)