Third-Party Risk Advisory

Trusted third-party risk assurance for businesses and service providers

All businesses rely on third-party service providers, and third-party risk management (TPRM) is nothing new. In fact, regulated industries like financial services and healthcare have long been required to test and report on the effectiveness of their vendor risk management programs.

However, recent cyber-attacks, such as the 2013 Target data breach, brought new focus to third-party cybersecurity risk, since the post-incident kill chain analysis pointed to malware that entered Target’s network through an insecure supplier. Since that widely publicized incident, boards, legal counsel and executive management at buyer firms have been seeking greater assurance that third-party risk is being adequately managed. As a result, in-house security teams have redoubled their efforts to:

  • Create information security standards for suppliers
  • Identify and classify vendors according to risk
  • Update contracts to ensure cyber issues are properly addressed

Vendor Risk Management Services

We bring efficiencies and cost savings to the vendor risk management lifecycle. Our “trust, but verify” approach is built on a standardized methodology that is adopted globally across a range of industries. Our services include:

  • TPRM Maturity Assessments
    Unsure about the effectiveness of your TPRM program? Trust Coalfire’s TPRM Maturity Assessment to provide a quick analysis of your program and a peer-to-peer comparison.

  • TPRM Advisory
    Are you seeking incremental TPRM expertise and capacity? Do you need to update and expand your program to meet new requirements? Are you just getting started with a vendor relationship management (VRM) program? We can help design and implement key elements of your program or help you build it from the ground up.

Our TPRM Program Design and Development Service helps you define the foundational concepts for starting a TPRM program from scratch. We’ll help you:

  • Build a core team
  • Complete a full inventory of third-party contractors
  • Collect and standardize contracts
  • Define vendor security requirements
  • Select and implement TPRM software
  • Implement, measure and report TPRM results to executive management

Through our Outsourced TPRM Services, we can also assist you with customizing a Standardized Information Gathering Questionnaire (SIG), analyzing and scoring responses, and working with your vendors on remediation activities. In addition, our assessors can perform on-site audits for third parties that require the extra level of assurance provided by inspection.

Why Coalfire for Third-Party Risk Advisory

Since our founding in 2001, Coalfire has established itself as a pure-play, vendor-neutral cybersecurity advisory firm serving as a trusted advisor to executives, legal counsel, compliance managers and security practitioners across numerous industries.

Each Coalfire project is led by a credentialed, industry-savvy senior director and supported by consultants armed with the methodologies, proven proprietary frameworks, insights and know-how accumulated through service to over 1,400 clients annually. We’re skilled communicators who present our findings in business terms for truly actionable insights.

Along with our cyber risk advisory services, we help clients simplify their compliance processes. Our cyber risk advisors get to know your business and help you understand how to comply with regulations and leverage efforts across different compliance frameworks.
