
60 percent of security incidents in 2022 will result from issues with third parties
Forrester’s North America Predictions 2022
Third-Party Risk Management
A growing number of cyber-attacks and GDPR incidents can be traced back to third parties with whom you share data or are digitally interconnected. Even if a security incident at a supplier does not immediately affect your security, there’s still the risk that it disturbs the operations of your supplier and hence your supply chain, which puts your business continuity at risk.
So it no longer suffices to keep your own digital entry points secure. You also need to verify that your suppliers are keeping all of their internet-connected processes and IT assets safe and secure.
Forrester’s North America Predictions 2022
Not all security risks can be identified using automated security scans. Using Ceeyu, you can assess the security risks with critical suppliers by combining automatic attack surface scans and security ratings with questionnaire-based audits, also all digital. You can create your own questionnaires, from scratch, or start from our standards-based templates. Our online workflow management and our supplier portal ensure smooth interaction with suppliers and short lead times.
Trying to collect and follow this up manually is very time-consuming, and easily leads to errors and oversights. Ceeyu helps you to streamline risk mitigation and cyber compliance efficiently with a security Third-Party Risk Management (TPRM) platform that combines automated assessments with template-based supplier security questionnaires for all your partners and suppliers with a single, online tool.
Quickly onboard and manage your suppliers and partners, and assess the risk they pose to your security profile and business continuity. Automated and continuous scans of their attack surface provide you with standardized risk assessments for your whole third-party ecosystem.
Supply chain security assessment
Intuitive risk overview
Build trusted relationships
Digital TPRM platform
Security questionnaires
Continuous assessments
Intelligent security tracking
Using our automated attack surface monitoring and security risk ratings, you can cross-check the conclusions from the questionnaires. Or the other way around, using our questionnaire-based assessments, you can complement the output of automated scans. Ceeyu enables you to use the results from the attack surface scans and the resulting security risks at your own discretion: you can share the results with the supplier making them available on the supplier portal, or use them internally.
Manually reviewing and maintaining the security procedures of suppliers and other stakeholders can be a challenging task.
Those who have already worked with compliance questionnaires recognize the weaknesses of a manual approach. You have to create your questionnaires, send them to third parties by mail, and keep track in a spreadsheet of who has already answered and who has not. In addition, you must also keep all documents in a well-organized and shared folder, and check regularly whether adjustments are needed.
Using a centralized online platform, you can keep track of all your security assessment questionnaires with as little manual work as possible on security assessments.
Centrally accessible overview
Standards-based templates
Customizable questionnaires
Track progress
Supplier portal
Interact with suppliers
This approach takes the overhead out of any vendor security due diligence process by allowing you to easily and quickly set up a new questionnaire-based assessment, link it to a supplier, and send it to them. The supplier will receive a login to access the supplier portal and be able to respond to the questionnaire online. After which you can assess their answers and generate a security rating.
When assessing a questionnaire, you have an easy-to-use interface to not only see the supplier’s responses and either accept or reject their answer, but also view appended evidence or send and receive messages through a Q&A messaging system.
Rejecting an answer will query the supplier to provide more information, while the message box might be used to query the supplier to ask for additional clarifications.