Effective Solutions. Protecting Businesses.

Supplier Security

You may be a business that, as a data controller, is required to carry out a security due diligence assessment of each data processor. Alternatively, you may be a business whose customers or insurers contractually require you to carry out third-party security assessments of all your suppliers. In either case it is a challenge to decide how to carry out a security assessment that is effective, not too onerous on your business or your supplier, and offers value for money.

There are online third-party supplier risk assessment tools, but they often have a large question set and require tailoring to meet your needs. And what if your supplier is a large organisation such as Salesforce or Oracle HR? They are not going to complete a security questionnaire.

These online solutions can be expensive, so you could create your own, but what questions do you need to ask, and how are you going to assess the responses?

We have helped medium to large companies assess the security of their suppliers. We have produced pragmatic security questionnaires tailored to the business, the supplier and the level of risk. We then helped the supplier to complete the questionnaire, evaluated the responses and advised on the risk and any security clauses that need to be added in the contract with the supplier.

Where the customer had a large supplier, we took the information from the supplier’s published security document and completed a due-diligence report that satisfied the contractual and legal obligations.

Where required, we can carry out onsite audits of suppliers.

Testimonials

“AJ Security Consulting has provided GDPR support to AE Tuition since 2018. They produced all our initial Privacy documentation, provided updates, carried out due diligence assessments of our data processors and are always available to answer questions and provide advice.”

Business Operations Manager AE Tuition.

“AJ Security Consulting helped us identify the appropriate Microsoft security tools, the security configurations and provided advice on the implementation and monitoring requirements.”

CIO Lloyds Pharmacy Healthcare Services.

“In addition to supporting our ISO27001 certification AJ Security Consulting provide our DPO and CISO service. This includes responding to the numerous security and privacy questionnaires we receive from our clients and attending any follow-up calls. In addition to responding directly to the questionnaires, AJ Security Consulting have produced model answers to allow our staff to respond to the questionnaire.”

COO Qualification Check

“AJ Security Consulting has provided support to our ISO27001 Certification since 2019. They produced all our initial security documentation, selected the certification body, and provided assistance during the initial certification audit. Since then, AJ Security Consulting has provided ISO27001 advice and carried out the annual Internal Audits; more recently they carried out the ISO27001:2022 gap analysis to support our migration to the new standard.”

Director HJS Technology.

“AJ Security Consulting delivered our Privacy training and identified what we needed to do to comply with the GDPR. The training was exactly what we needed as a small organisation – informative, relevant and concise. They simplified a complex subject and provided a clear plan of what we need to do next.”

Salisbury Area Music Co-operative | 2017

“AJ Security developed our information security policy framework and helped us achieve ISO27001:2013 Certification; they also helped us recruit a permanent Information Security Manager.”

Rajesh Gupta CFO The Northview Group | 2016

“AJ Security Consultants helped develop our information security risk assessment process and standard. He provided a wide range of pragmatic security advice and has always been available to answer questions and offer advice.”

Jon Cheyne IT Director Victoria and Albert Museum | 2015