We are able to advise procurement and legal staff on the requirements for contracts to protect information entrusted to third parties, based on a good understanding of the supporting IS requirements. We can specify technical, physical, personnel or procedural security requirements expected from third parties.
We can assess the potential risks of entrusting third parties to protect information or to deliver services upon which the information security of the first party depends.
We are able to assess compliance by third parties with agreed information security policies and standards and have an awareness of the level of trust that can be assumed by Departments and Agencies whose partners may have gained Cyber Essentials, Cyber Essentials Plus, or other sector-specific or industry sector certifications.
We understand and can advise how to protect compliance with Codes of Connection to services such as PSN. We are aware of and pragmatically utilise a range of assurance methods to gain confidence in arrangements, such as penetration tests, audits, inspections or other reporting approaches.
We are able to develop organisational IS policies for sharing information with third parties and negotiate frameworks for managing third-party protection of shared information. We can advise information risk owners or managers of the risks of supply chains, including third parties that are not subject to EU legislation protecting personal data or privacy, such as the EU Charter of Fundamental Human Rights.
We are able to lead complex negotiations with third parties on standards for protecting shared information, whether through transfer of data or access to a shared repository.