SRG Advisory Group LLC

Scope - Risk - Gap

Phone: (862) 227-1002

Third Party & Vendor Risk Management


Risk from third parties is often the single biggest source of IT-related risk for companies, across a wide range of industries from health care and legal to manufacturing. SRG Advisory Group LLC specializes in identifying risks from vendors and third-party entities and helping you manage those risks in a secure and cost-effective way. You can look to SRG for:

  • Supplier reviews
  • On-site assessments
  • Shared Assessments (SIG/SIG Lite)
  • Managed and co-managed TPRM (SuRGeTPRM)
  • Program design and assessment

Do Any of the Following Apply to Your Organization?

  • Your clients or customers are asking questions about how you manage the risk posed by your third parties, such as suppliers or counterparties, but your information security budget and resources are already stretched to the limit...
  • You are in a regulated industry, and you are required to establish a third-party risk management (TPRM) program, but don't know where to start, or the prospect of building an in-house program is overwhelming...
  • You have already started developing a TPRM function but are unhappy with the results; the current implementation is improperly sized, is too slow, or is not providing real value...

To solve these challenges, we have developed SuRGeTPRM: a full Third-Party Risk Management Program designed to your exacting needs and, in most cases, for less than the cost of a single employee.

SuRGeTPRM is a co-managed TPRM solution designed from the ground up, using industry best practices and highly qualified, experienced TPRM professionals who work with you to architect a solution that fits your specific TPRM needs. Whether you need help designing and implementing a new program or enhancing an existing one, our team is here to ensure your success.

SuRGeTPRM includes everything needed to provide a high-functioning, best-of-breed TPRM program, including:

  • Risk Model Customization
  • Population tiering
  • Assessment Tool Development, including an on-line assessment portal
  • Vendor documentation and risk reviews
  • Vendor technical assessments and reassessments
  • On-going monitoring
  • Policy/Procedure Development
  • Upstream responses (to your clients)
  • Report Development
  • Upstream assessments (of your company, used to communicate with clients)
  • Information Systems Support
  • Access to our online dashboard and portal
  • Use of our automated "soup-to-nuts" secure internet tool set

SuRGeTPRM delivers a complete assessment of your critical third parties. Not only do we audit third-party-provided documentation and conduct a full research-based assessment, our solution goes further, diving deeper into potential risks through our unique technical risk assessment process (systems fingerprinting, passive engine reconnaissance, vulnerability assessments). The end result is a highly detailed report customized to meet your specific needs, so your organization gets exactly what it needs, when and how it needs it.

SuRGeTPRM is built on a custom-designed proprietary platform consisting of secure and scalable cloud-based tools to perform technical assessments and scans, deploy and assess questionnaires, initiate workflows, and provide both individual and aggregate reports.

SuRGeTPRM is designed to be implemented quickly and efficiently, using a risk model that is applicable across many industries and organizations. We start with standardized and proven risk models, assessment tools, and reporting templates, allowing us to get your program operational very quickly, and then customize these tools to your needs while the program is running. This approach allows us to implement a solution that costs less than standing up a program internally, while providing real, actionable information that can be directly integrated with your information security program.

SuRGeTPRM is consistent and aligned with:

  • HIPAA
  • ISO 27001
  • GDPR
  • NIST (Cybersecurity framework and 800-53)
  • OCC 2013-29

Our team has deep expertise in third-party risk management (TPRM), having worked in organizations as diverse as major healthcare insurers and Fortune 500 banks, and has conducted (literally) thousands of third-party reviews.

Let us show you what we can do. Please contact us here. We'd love to show you a demo of our managed services approach and platform and discuss whatever TPRM issues you might be concerned about.