60 percent of security incidents in 2022 will result from issues with third parties
Forrester’s North America Predictions 2022
Third-Party Risk Management
Identify cyber security risks in your supply chain
A growing number of cyber-attacks and GDPR incidents can be traced back to third parties with whom you share data or are digitally interconnected. Even if a security incident at a supplier does not immediately affect your security, there’s still the risk that it disturbs the operations of your supplier and hence your supply chain, which puts your business continuity at risk.
So it no longer suffices to keep your own digital entry points secure. You also need to verify that your suppliers are keeping all of their internet-connected processes and IT assets safe and secure.
Third-Party Risk Management
Understand security risks at key suppliers and partners and enjoy business continuity
Not all security risks can be identified using automated security scans. Using Ceeyu, you can assess the security risks with critical suppliers by combining automatic attack surface scans and security ratings with questionnaire-based audits, also all digital. You can create your own questionnaires, from scratch, or start from our standards-based templates. Our online workflow management and our supplier portal ensure smooth interaction with suppliers and short lead times.
Third-Party Risk Management
Centralized cyber risk assessments
Trying to collect and follow this up manually is very time-consuming, and easily leads to errors and oversights. Ceeyu helps you to streamline risk mitigation and cyber compliance efficiently with a security Third-Party Risk Management (TPRM) platform that combines automated assessments with template-based supplier security questionnaires for all your partners and suppliers with a single, online tool.
Quickly onboard and manage your suppliers and partners, and assess the risk they pose to your security profile and business continuity. Automated and continuous scans of their attack surface provide you with standardized risk assessments for your whole third-party ecosystem.
Third-Party Risk Management
Complete and intuitive TPRM
Ceeyu features
Supply chain security assessment
- Comprehensive overview of cybersecurity risks with key third parties.
Intuitive risk overview
- Transparent scoring of third parties on risks and the degree of impact for proper prioritization.
Build trusted relationships
- Show your reliability as a business partner.
Digital TPRM platform
- Online vendor assessment and due diligence with a maximum of automation.
Security questionnaires
- Customizable templates based on standard frameworks.
Continuous assessments
- Continuous monitoring of vulnerabilities and threats.
Intelligent security tracking
- Use data-driven security reports to identify the vast majority of security threats.
Third-Party Risk Management
Combine questionnaires with automated scans
Using our automated attack surface monitoring and security risk ratings, you can cross-check the conclusions from the questionnaires. Or the other way around, using our questionnaire-based assessments, you can complement the output of automated scans. Ceeyu enables you to use the results from the attack surface scans and the resulting security risks at your own discretion: you can share the results with the supplier making them available on the supplier portal, or use them internally.
Third-Party Risk Management
Automated risk assessment questionnaire workflows
Manually reviewing and maintaining the security procedures of suppliers and other stakeholders can be a challenging task.
Those who have already worked with compliance questionnaires recognize the weaknesses of a manual approach. You have to create your questionnaires, send them to third parties by mail, and keep track in a spreadsheet of who has already answered and who has not. In addition, you must also keep all documents in a well-organized and shared folder, and check regularly whether adjustments are needed.
Using a centralized online platform, you can keep track of all your security assessment questionnaires with as little manual work as possible on security assessments.
Ceeyu features
Centrally accessible overview
- A centrally accessible overview of all suppliers, assessments and shared documents.
Standards-based templates
- A library of templates integrating the most recent standards (CIS, NIS, NIST, and ISO).
Customizable questionnaires
- Start from templates or build your own, to factor in your security and risk policies.
Track progress
- Kanban-style board for tracking (supplier activity, open, in-review, and closed assessments).
Supplier portal
- Invite your suppliers to the platform and notify them about new assessments.
Interact with suppliers
- Share assessment results and identified risks with involved partners. Chat module for supplier Q&A.
Third-Party Risk Management
All-digital vendor security risk due diligence process
This approach takes the overhead out of any vendor security due diligence process by allowing you to easily and quickly set up a new questionnaire-based assessment, link it to a supplier, and send it to them. The supplier will receive a login to access the supplier portal and be able to respond to the questionnaire online. After which you can assess their answers and generate a security rating.
When assessing a questionnaire, you have an easy-to-use interface to not only see the supplier’s responses and either accept or reject their answer, but also view appended evidence or send and receive messages through a Q&A messaging system.
Rejecting an answer will query the supplier to provide more information, while the message box might be used to query the supplier to ask for additional clarifications.
