The Goal
Evaluate and manage the security risks of third party vendors and provide assistance when evaluated as a vendor.
Our Method
Integrate with teams to understand the business needs fulfilled by the vendor, sensitivity of access or shared data, and evaluate vendors' risk, security controls, regulatory compliance, and ability to meet internal security requirements.
The Result
Tailored vendor assessment reports providing the identified risk level, security concerns, and identified areas where improvements should be required.
Assessment Scopes
Urbane provides diverse technical and procedural coverage for assessing the security and risk of third party vendors through the following highlighted services.
Third Party Vendor Assessments
With a combination of services tailored to an organization’s specific needs, Urbane can assist with performing risk assessments during the evaluation and on-boarding process of new vendors, providing a detailed review of security questionnaires, validation of requested vendor evidence, the performance of full risk assessments, and expert opinion and guidance to the strength of the vendor's information security program. When a large number of vendors exist, Urbane also makes available full program management of vendor security questionnaires and compliance monitoring to provide relief of security teams to focus on internal security.
Vendor Penetration Testing
Validating the effectiveness of claimed vendor security controls, Urbane performs independent penetration testing of vendors environments from network and application perspectives. Upon discovery of any findings that could impact the security an organization’s data, Urbane discloses to both client teams and the vendors teams with follow up testing to ensure the findings were successfully remediated.
Vendor Access Assessments
With the growing number of vendors provided accounts to access an organization's resources, Urbane performs reviews of user and service accounts assigned to vendors to determine their lifespan, inactivity, access levels, and ability to potentially escalate into the environment if compromised.
Customer Security Request Support
As an interface between an organization’s customers and the organization’s role as a vendor or service provider, Urbane provides management of customer security and compliance requirements by responding to questionnaires, providing annual compliance reports and attestations, and serving as a proxy for evidence requests and customer audits.
The Urbane Difference
Innovative. Sophisticated. Refined.
Urbane demonstrates our founding principles in every engagement through attention to the details, modern techniques, and strong union with our clients.
Request more information
Other Urbane Solutions That May Interest You
Compliance Assessments
Assessments performed by Urbane are prided in being the most refined and comprehensive assessments, which allow for our cost-effective and efficient delivery. Our consultants are involved in continuing education and most of thought leaders in the compliance space, this ensures that no matter what type of compliance needs an organization must meet, Urbane is able to exceed all expectations.
Strategic Advisory (VISO)
With the high demand of qualified security professionals, having a Chief Security Officer (CSO) or Chief Information Security Officer (CISO) on staff can be extremely costly. Urbane’s Virtual Information Security Officer can help an organization leverage top-tier talent from our staff of former Fortune 1000 CSO and CISO’s to assist in managing and architecting security strategies that meet individual client needs.
Network Penetration Testing
Focusing on the exposed services, networks, and configurations, network penetration testing (also known as Ethical Hacking) simulates an attacker attempting to gain access to a network and its services through a variety of methods.
Infrastructure and Cloud Review
With in depth analysis of existing network and server architecture, Urbane provides proven security strategies for decreasing the various risks affecting the unique business needs of the organization with the least amount of impact or resource use.