Oversight of Third Party Vendors
Even if your firm has the most robust security program in place, your firm’s data is only as secure as the weakest vendor you share it with. Because vendors outside your walls also have access to your data, it is critical to make sure that their security practices meet industry standards. Drawbridge Partners would like to see your vendors meet or exceed the security posture of your firm.
With data security having become a hot button topic for regulators and investors, oversight of your third parties who have access to your sensitive data is no longer simply best practice but rather expected. Extensive due diligence of third parties is no longer optional; it is required.
Drawbridge Partners will help you develop a robust vendor due diligence program.
Data Mapping Exercises
To create a program, you first need to understand who has access to your firm’s data. A thorough data flow analysis to determine what data a vendor holds, and who at the vendor level has access to said data, is critical. In our experience, this exercise can reveal that your firm shares sensitive data with more counterparties than initially assumed. This data mapping exercise is critical to uncovering hidden vendors that someone else might miss.
Vendor Due Diligence Assessment
After a thorough mapping is complete, we then look to assess each vendor. The Drawbridge Partners team's proprietary due diligence method advocates setting a baseline security level for all vendors, regardless of their size or the service they provide to your firm.
Once our review process is complete, we will provide your firm with a Third Party Risk Assessment which will define the scope, the methodology used, the vendors reviewed, and any vulnerabilities which we feel need to be addressed. This report will be presented in a format that all firms can confidently present, deliver, and share with board members, regulators and investors.