TUV Rheinland OpenSky Launches Third-Party Risk Management Services
Global cyber risk quantification and risk management service provider to expand third-party risk management capabilities for clients in North America.
Littleton, U.S.; Cologne, Germany – December 20, 2019. TUV Rheinland OpenSky, a leading expert in Cybersecurity, Cyber Risk Quantification and Risk Assessments, today announced the creation of third-party risk assessment (TPRA) services. TUV Rheinland OpenSky has successfully partnered with multiple institutions to consistently measure, track, and manage third-party risk through our proven TUV Rheinland OpenSky methodology and engagement model.
TUV Rheinland OpenSky TPRA services combine end-to-end risk assessment through risk quantification, ad-hoc third-party risk assessments, vendor risk program lifecycle management and an overall risk report for stakeholders.
The TUV Rheinland OpenSky third-party risk management methodology utilizes a six-step process through initiation, discovery, development, reporting, testing and a conclusion phase to ensure the highest quality of work.
Why Third-Party Risk Management is so Critical
Not only has the number of data breaches due to third-party vendors increased 22% since 2015, but 63% of all cyber-attacks can also be directly or indirectly traced to third parties. Moreover, many regulations and contracts now require third-party risk management programs.
“As vendors continue to be relied on more and more for various business support, programs and applications, vendor cybersecurity risk naturally becomes a major priority,” explains Jimmy Doctor, CISSP, CISM, GRCP, MBA, an eGRC Practice manager for TUV OpenSky.
“We’ve seen third-party related breaches make headlines. Being able to overcome third-party vendor cybersecurity risks starts with building and maintaining a reliable risk management framework.”
Why TUV Rheinland OpenSky for Third-Party Risk Management
TUV Rheinland OpenSky has the expertise to ensure that all your organization’s third-party needs are met. For organizations that require a deeper level of guidance, TUV Rheinland OpenSky can perform end-to-end management of the entire vendor risk management lifecycle including:
- Assistance with measuring inherent risk
- Determining the most appropriate control framework
- Soliciting responses to questionnaires
- Coordinating meetings to gather answers
- Automation of end-to-end third-party risk management processes in an eGRC platform (such as RSA Archer)
Taking a closer look at the type of business vendors provide is a critical factor in establishing an appropriate assessment methodology. For companies starting their third-party risk management journey, TUV Rheinland OpenSky performs a comprehensive initial assessment of business drivers, industry standards, and customer requirements to fortify a company’s third-party risk management program.
Lastly, TROS can enable the automation of business processes in a GRC platform for greater operational effectiveness and efficiency.
For more mature organizations that need additional help to quickly but accurately assess risk using a pre-established methodology, TUV Rheinland OpenSky has resources to perform deep inspections of vendor artifacts. These inspections are conducted through RiskLens to ensure that controls are deployed corresponding to the risk of that vendor. We also specialize in importing this data into RSA Archer for companies that use this platform for their enterprise governance, risk and compliance (eGRC) needs.
Finally, for companies seeking to push themselves higher on the maturity curve, TUV Rheinland OpenSky specializes in implementing a risk quantification platform to enable clients to quantify inherent and residual vendor risk, including vendor risk vector scores from publicly available sources. This culminates in the delivery of a risk quantification module that can be consistently deployed across all vendors to accurately depict the highest risk areas to the enterprise.