Vendor Risk Management (VRM) Services
Third-party risk management services are more critical than ever, yet many companies still struggle to identify, risk rank, and assess the vendors that support their business. Manual processes like email and spreadsheets add another layer of complexity to completing security assessments. FoxPointe Solutions provides the necessary insight, automation and upgrades you need to stay ahead. Vendor risk management is a managed service that can save your organization time and resources while ensuring this critical security function continues to operate.
Reduce Cost, Increase Compliance.
The complexity, scale, and scope of IT vendor relationships are increasing, making vendor due diligence services even more important. It’s critical that organizations have efficient vendor monitoring and assessment mechanisms. FoxPointe deploys its team of experts and automated tools to help manage vendor risk assessment throughout the year. By assisting in, or completely managing, this critical component of your risk management and information security program, we can help reduce the time and resources associated with internal personnel and increase the likelihood that you will meet required laws, regulations and standards.
Vendor Risk Management Services
FoxPointe Solutions offers multiple service options designed to assist you with demonstrating your risk-based approach and due diligence of your vendors to your customers, stakeholders, and/or prospects.
- Third-Party Inventory: Organizations large and small struggle to centrally manage and identify all vendors being used. We will help you identify all vendors and collect the necessary tracking information to be logged in our tool as a central repository.
- Third-Party Security Assessment Services: The Standardized Information Gathering (SIG) and similar questionnaires (including customizable questionnaires) available in our tool allow FoxPointe to collect and assess the information necessary to conduct assessments of your service provider’s controls in order to risk rank the vendor and assess security.
- Vendor Due Diligence Services: FoxPointe will assist, or fully manage, a standardized process to oversee the lifecycle for due diligence, risk assessments, and audit.
- Standardized Control Assessment (SCA): These procedures are used by FoxPointe to conduct onsite and additional validation assessments; collecting evidence to verify responses to the SIG or similar questionnaires.
- Contract and Attestation Reviews: FoxPointe will help you review vendor contracts, terms and conditions, and attestation documentation (such as SOC 1 and SOC 2 reports), and provide you with the needed feedback to ensure appropriate agreements are in place and vendor audit results are reasonable to determine if they require follow-up or a change to the vendor risk rank.
- Company Due Diligence Packages: These packages typically include an overview of the company, financials, insurance information, mission, policies and procedures overview and information regarding any audits or examinations you may have completed. A package is a great preface or supplement to attestation documents, and is useful when you need material to hand out when other data may have restricted use (like a SOC 2).
Hear What Our Clients Have to Say
“We were in need of a security officer who would understand our complex needs, help us troubleshoot and address areas of organizational risk in the technological arena, and instill the confidence that our systems and information were as secure as possible. The improvements in our security and the mitigation of risk were immediately appreciated. Carl is an excellent partner, always honest and transparent regarding areas in need of improvement and provides essential professional guidance to ensure compliance with all regulatory requirements.
I highly recommend FoxPointe for other organizations that want to ensure compliance and security with their Information Technology systems.”
Cindy Lee
CEO, OLV Human Services