Third Party Risk
Secure supply chains from cyber attacks
Third-party vendor risk is becoming more important than ever, with attacks on supply chains causing enormous impact to business environments. However, the vendor risk management process is time-consuming and resource-intensive. Many companies struggle to find the time to properly vet and assess their vendors so that a vendor compromise poses as little risk to the organization as possible.
Utilizing Legato Security’s Managed 3rd Party Vendor Risk service ensures the resources needed for maintaining this program are available without tying up company employees and resources.
Transparent metrics for critical data access
Whether it’s for compliance, risk management, or just good due diligence, Legato Security will assess your 3rd party vendors to ensure the vendors you’re working with are following security best practices and you have a clear understanding of which vendors are accessing your critical data.
This service is performed with a combination of a vendor risk management portal and hands-on work by our risk management team. Clients will have full access to the portal and may provide feedback at any time.
Vendor Risk Assessment
- Identification of vendor's role and data being accessed
- Vendor approvals by Client
- Facilitation, review, and approval of Vendor Security Questionnaire
- Confirmation of vendor's certifications (PCI DSS, SOC2, ISO27K, etc.)
Ongoing Vendor Monitoring
- Annual risk assessments for critical vendors
- Breach notifications
- Risk scores
- Open Source Intelligence
Custom Tracking & Reports
- Customized or additional questionnaires for certain vendors based on Client's criteria
- Tracking vendor assessments, scores, and requests through our Vendor Risk Assessment Portal
- Vendor reporting for annual compliance audits