Mobius Consulting is assisting a premium financial services group in assessing the cyber security control environment of its high-risk Third Parties. The primary objective is to identify Third Parties, profile them according to risk, and then assess the high-risk ones in order to identify, log and ultimately help mitigate third party risk.
Each new and existing Third Party is profiled to assess the inherent risk of the relationship. Higher-risk Third Parties are then assessed using a standardised questionnaire based on the NIST Cyber Security Framework. A typical assessment includes a kick-off meeting with the Third Party to walk through the requirements. Once the Third Party has completed the self-assessment questionnaire, we run a validation workshop with the Third Party and provide recommendations where weaknesses are identified in the Third Party's control environment.
The target was to assess 75 Third Parties in the 4th Quarter of 2018. The key success factors in achieving it were:
Support from leadership within the group, including internal communications to the Business Relationship Managers (BRMs) responsible for managing each Third Party;
Active support from BRMs to facilitate introductions to the Third Party and to escalate delays in the process;
Clearly defined TPRM standard, process and questionnaire;
A dedicated team of experienced TPRM consultants;
Using web meeting tools for interactions with Third Parties; and
Clear weekly targets, dashboard scoring and active project management.