The scope of the undertaken project is to assess information security risks posed to the telecommunications provider from its suppliers and partners in Greece. The project involves performing Information Security Assessments to approximately 20 vendors. Based on the security requirements, Obrela Security Industries identifies risks and liabilities, introduced by the vendors, which could expose our client Information Assets to known threats. Furthermore, Vendor Assessment project aims to ensure our client information confidentiality, integrity and availability, as well as compliance with legal and policy requirements.
Within the project scope and in order to help our client to achieve its goals, Obrela Security Industries will perform the following activities:
- Review Existing vendors’ Policies and Procedures and identify risks that may be present, and can lead to compromise of the confidentiality, integrity or availability of our client Information Assets.
- Perform Gap Analysis to assess vendors Compliance with our client Security Requirements, Policies and Standards.
- Evaluate the Level of Risk our client is exposed to, from Vendors Non-Compliance with our client Security Requirements, Policies and Standards.
- Propose supplementary security controls that should be implemented by vendors in order to mitigate the identified risks, enhance vendors overall security posture and protect our client’s interests.
- Monitor vendors’ implementation of the proposed risk mitigation activities and compliance with our client Security Requirements, Policies and Standards.
- Develop and maintain a Vendors Compliance Monitoring Plan to confirm enforcement of the proposed risk mitigation solutions and re-assess compliance.