Vendor/Remote Site Risk Assessment
Innové is led by cybersecurity experts with a deep understanding of both defense and commercial IT risk best practices, and we use experienced people with automated tools and processes to deliver business impact in an emerging area of importance – 3rd party vendor and remote operations cyber risk assessment.
We offer a unique pilot program where we work with clients to select a sample set of vendors or remote sites to assess risk in accordance with NIST security guidance and utilize the following Shared Assessment Program tools:
- Standard Information Gathering (SIG) questionnaire
- Agreed Upon Procedures (AUP) onsite assessment standardization
- Vendor Risk Management Maturity Model (VRMMM) scoring & future planning
Within DoD, Innové has employed the NIST Cybersecurity Framework to profile and rank department cybersecurity maturity, and we’ve used the NIST Risk Management Framework to categorize departmental data according to risk and have implemented and monitored security controls for continuous improvement. This framework can also be applied to commercial entities.
In a related service offering, Innové provides a Managed Access Control service for third-party service providers to apply Authentication, Authorization, and Accountability (AAA) over Agents accessing PII in client databases. This may be of use and benefit to those clients who seek stronger access control to protect customer data assets.