TUV Rheinland OpenSky Launches Third-Party Risk Management Services

Global cyber risk quantification and risk management service provider to expand third-party risk management capabilities for clients in North America.

Littleton, U.S.; Cologne, Germany – December 20, 2019. TUV Rheinland OpenSky, a leading expert in Cybersecurity, Cyber Risk Quantification and Risk Assessments, today announced the creation of third-party risk assessment (TPRA) services. TUV Rheinland OpenSky has successfully partnered with multiple institutions to consistently measure, track, and manage third-party risk through our proven TUV Rheinland OpenSky methodology and engagement model.

TUV Rheinland OpenSky TPRA services combine end-to-end risk assessment through risk quantification, ad-hoc third-party risk assessments, vendor risk program lifecycle management and an overall risk report for stakeholders.

The TUV Rheinland OpenSky third-party risk management methodology utilizes a six-step process through initiation, discovery, development, reporting, testing and a conclusion phase to ensure the highest quality of work.

Why Third-Party Risk Management is so Critical

Not only has the number of data breaches due to third-party vendors increased 22% since 2015, 63% of all cyber-attacks can be directly or indirectly traced to third parties. Moreover, many regulations and contracts now require third-party risk management programs.

“As vendors continue to be relied on more and more for various business support, programs and applications, vendor cybersecurity risk naturally becomes a major priority,” explains Jimmy Doctor a CISSP, CISM, GRCP, MBA, an eGRC Practice manager for TUV OpenSky.

“We’ve seen third-party related breaches make headlines. Being able to overcome third-party vendor cybersecurity risks starts with building and maintaining a reliable risk management framework.”

Why TUV Rheinland OpenSky for Third-Party Risk Management

TUV Rheinland OpenSky has the expertise to ensure that all your organization’s third-party needs are met. For organizations that require a deeper level of guidance, TUV Rheinland OpenSky can perform end-to-end management of the entire vendor risk management lifecycle including:

  • Assistance with measuring inherent risk
  • Determining the most appropriate control framework
  • Soliciting responses to questionnaires
  • Coordinating meetings to gather answers
  • Automation of end-to-end third-party risk management processes in eGRC (such as RSA Archer)

Taking a closer look at the type of business vendors provide is a critical factor to establish an appropriate assessment methodology. For companies starting their third-party risk management journey, TUV Rheinland OpenSky performs a comprehensive initial assessment of business drivers, industry standards, and customer requirements to fortify a company’s Third Party Risk Management program.
Lastly, TROS can enable the automation of business processes in a GRC platform for greater operational effectiveness and efficiency.

For more mature organizations that need additional help to quickly but accurately assess risk using a pre-established methodology, TUV Rheinland OpenSky has resources to perform deep inspections of vendor artifacts. Through RiskLens, these inspections are conducted to ensure controls are deployed corresponding to the risk of that vendor. We also specialize in importing this data into RSA Archer for companies that use this platform for their enterprise governance risk and compliance (eGRC) needs.

Finally, for companies seeking to push themselves higher on the maturity curve, TUV Rheinland OpenSky specializes in implementing a risk quantification platform to enable clients to quantify inherent and residual vendor risk, including vendor risk vector scores from publicly available sources. This culminates in the delivery of a risk quantification module that can be consistently deployed across all vendors to accurately depict the highest risk areas to the enterprise.

About TÜV Rheinland

TÜV Rheinland is one of the world’s leading independent testing service providers with almost 150 years of tradition. Employing over 20,000 people around the globe, TÜV Rheinland generates an annual turnover of 2 billion euros. The independent experts stand for the quality and safety of people, technology and the environment in almost all areas of business and life. TÜV Rheinland inspects technical facilities, products and services, accompanies projects, processes and information security for companies. The experts train people in numerous professions and industries. TÜV Rheinland has a global network of recognized laboratories, testing centers and training centers at its disposal for this purpose. Since 2006, TÜV Rheinland has been a member of the United Nations Global Compact for greater sustainability and against corruption. Website: www.tuv.com

About TUV Rheinland OpenSky

TUV Rheinland OpenSky offers one of the most advanced and integrated portfolios of security solutions and services for connected devices, platforms and Internet of Things (IoT), with the mission to enable secure and safe digital solutions. We provide advisory, consulting, systems integration, testing, certification and managed security services for connected platforms in three core disciplines: Advanced Cyber Defense; Mastering Risk and Compliance and Secure Cloud Enablement. Our experts help clients protect information assets, minimize risk and accelerate the adoption of enabling technologies by taking a holistic risk-based approach that addresses Cybersecurity, Privacy, Cloud Infrastructure and Functional Safety requirements to build trusted, connected platforms.

With headquarters in Littleton, MA, TUV Rheinland OpenSky is a subsidiary of TÜV Rheinland Group, which operates some of the world’s broadest smart device and IoT testing labs, defining industry standards for functional safety and security, and a leading provider of inspection and assurance services that combine safety, quality and security certifications. Website: www.tuvopensky.com

TUV Rheinland OpenSky:
Jen Picardo , Press, Tel.: (978) 266-9500
TUV Rheinland of North America, Inc.

Before you leave…
want to sign up for our newsletter?