What is third party assurance?

Build trust with your third parties to enable and fuel long-term relationships that lead to growth and partnership.


What is Third Party Assurance?

As security-aware organizations, we invest a considerable amount of time, resources and money in protecting ourselves from external, malicious threat actors. There are many ways in which a threat can undermine these investments, and one method is becoming increasingly common and effective: exploiting third parties.

As an organization that is undoubtedly part of a wider supply chain and network of partners and subsidiaries, you are only as strong as the weakest link in that chain—especially if network access and sharing of information are commonplace.

Third Party Assurance is SubRosa’s services-based offering and comprises the assessment, management and safeguarding of your organization’s third parties. Typically, such organizations include suppliers, partners, acquisitions and clients.


Vendor risk management.

Service overview.

Assess your entire supply chain for cybersecurity risk, and benchmark, profile and hold all suppliers accountable for their cybersecurity programs.

Expected results.

  • A more effective supply chain that works to improve your corporate security posture.
  • Increased business resiliency through a hardened, security-conscious supply chain.


Third party due diligence.

Service overview.

Assess acquisitions and new suppliers for their cybersecurity risk, and include contract and legal language to support all cybersecurity requirements while negotiating with suppliers and acquisitions based on cybersecurity risk.

Expected results.

  • Make security-driven, informed purchasing and sourcing decisions.
  • Reduce risk when acquiring new organizations.
  • Reduce the costs associated with acquisitions.

Client assurance.

Service overview.

Respond to client RFIs in a timely, professional manner while leveraging the full expertise of SubRosa’s client assurance team.

Expected results.

  • Stand out from your competitors by providing professional, security-conscious responses.
  • Improve your own security program through continuous consulting.

Service models.

  • Leverage SubRosa’s full domain expertise to assess your third-party information security risk
  • All activities covered under a monthly retainer fee
  • Program is designed, run and executed by SubRosa
  • SLAs on all assessments and reporting
  • One-week notice to travel onsite
  • Remote and physical onsite assessments included
  • Included governance, risk and compliance software support
  • Option for client-owned, custom framework production

  • Leverage SubRosa’s domain expertise when needed
  • Assessment and reporting on an as-needed basis, per client requests
  • No upfront or retainer costs
  • No service level agreements (SLAs) on assessments and reporting
  • Optional governance, risk and compliance software support
  • Four weeks’ notice to travel onsite
  • All frameworks, tools and methods remain the property of SubRosa