Auditing Suppliers and Third Parties

It has always been the case that many organizations rely on third parties to deliver products and services to enable their businesses to function effectively. With the advent of cloud services and the increasing number of cloud-based products and services offered to organizations, third-party reliance is likely to increase further.

But how do you know that the service you are receiving from your third parties meets all your expectations, particularly regarding information security?

The obvious answer is to audit your third parties against your policy and control requirements in order to verify that they are operating as you expect them to. However, with increasing number of suppliers to audit, many organizations simply do not have sufficient resources. In addition, a number of organizations do not have the specialist technical knowledge to assess their cloud-based service providers.

Prioritization of Suppliers

Veritas can support you in auditing your suppliers and other third parties (confusingly referred to as second-party audits!). The first step is helping you understand how much you rely on each third party and the importance of its services to your organization. Understanding the risks that individual third parties present to your business from an information security, business continuity, and quality perspective will help you prioritize your second-party audits.

Range of Auditing Services

Having identified your high-risk third parties, Veritas can offer you various services, from a full audit service program to conducting ad hoc or selective second-party audits on your behalf. With a full audit program, we will propose a methodology and schedule for conducting audits of your suppliers and third parties. In conjunction with you, certain suppliers will be prioritized based on factors including criticality, risk assessment findings, incidents, previous audit findings, or contractual requirements.

In terms of conducting audits, our auditors are not only experienced in performing all types of process and system-based audits but are also geographically located around the country. As such, should you be looking for an on-site audit to be carried out anywhere in the middle east, we can accommodate your needs.

At the end of the audit, you will be presented with a comprehensive report, adopting your audit approach, internal style, and template. Veritas can help you with any action/nonconformity management of your third parties through to a successful conclusion, or you can manage this yourself.

Either way, using Veritas expertise can provide you with resource flexibility to deliver an effective and appropriate third-party audit service. Such a service will help assure your stakeholders that your third parties meet your information security or business continuity requirements and that you manage your supplier risk.