Niklaus Manser
Head of IT Security Consulting

IT provider assessments: security and compliance

Greater certainty about business-critical supplier relationships

Outsourcing services or moving services to the cloud increases dependence on external suppliers. Managing these dependencies involves working with suppliers to address complex technical, organisational and legal issues. At Swiss Infosec AG, you will find all the necessary expertise under one roof. We are happy to support you in preparing, conducting and reviewing the required periodic supplier security and compliance assessments.

Checkpoints

We assess the coverage of the necessary measures in the areas of security and compliance from a single source:

Organisational, personnel and physical aspects

  • Organisation of security, roles and responsibilities
  • Implementation and maturity of information security management
  • Security reports and certifications, e.g. ISO 27001, ISAE 3402, SOC 2 Type 2
  • Physical security at locations and service centres
  • Training and awareness-raising for employees on security and compliance
  • Implementation and maturity of supplier management, including subcontractors involved and their security requirements, as well as auditing and control of subcontractors
  • Business continuity and crisis management

Technical aspects

  • Implemented IT operating processes: incidents, problems, changes
  • IT security processes and measures: vulnerability management, patch management, identity and access management, hardening, backup and restore, log management, monitoring and alerting, malware, documentation, etc.
  • Secure development processes, DevSecOps best practices
  • Incident response management, escalation scheme
  • IT emergency organisation and drills
  • Technical security measures of the subcontractors involved

Legal aspects

  • Compliance with relevant legal and regulatory requirements: data protection, FINMA circulars, ElCom directives, DORA, NIS2, CySecRail, etc.
  • Reporting obligations and audit rights
  • Intellectual property regulations
  • Security-related aspects in contracts

Your additional benefit

You receive a neutral assessment of the security and compliance-related risks of the existing supplier relationship. Swiss Infosec AG evaluates the given circumstances based on industry-standard or general security best practices and identifies practical optimisation measures.

Speaking of supplier security: We would be happy to advise you on establishing efficient management processes for dealing with business-critical suppliers.


© Swiss Infosec AG 2025