Checklists & Insights


Data Risk in the Third-Party Ecosystem

Data Risk in the Third-Party Ecosystem: Third Annual Study independently conducted by Ponemon Institute LLC and sponsored by Opus.

Understand the challenges companies face in protecting sensitive and confidential information shared with third parties and their third parties (Nth party risk). The mitigation of third-party risk has become even more important because of the EU’s General Data Protection Regulation that went into effect May 25, 2018 and the recently updated California Privacy Act.

The Ponemon Institute defines the third-party ecosystem as the many direct and indirect relationships companies have with third parties and Nth parties. These relationships are important to fulfilling business functions or operations. However, the research underscores the difficulty companies have in detecting, mitigating and minimizing risks associated with third parties that have access to their sensitive or confidential information.

The results of the study are based on a survey of more than 1,000 IT and IT security practitioners in the US and UK who are directly familiar with their organizations’ approach to managing data risks created through outsourcing and who are involved in managing these risks. Unless otherwise noted, the report presents the combined US and UK findings.

 


Business Continuity Audit Checklist

Paying employees worldwide means that compliance with the European Union’s General Data Protection Regulation (GDPR) is a legal requirement. Managing third-party vendors, and the increased risk they pose to your business continuity, means you will not only need to but will want to stay on top of external risks for your own peace of mind.

P3 appreciate that managing third-party risk (TPRM) can be both a grind and costly if not managed expertly to be effective and efficient.

P3 offers free guidelines and checklists for those who want to manage the process themselves. We also offer a support desk for those who simply need guidance, and a fully managed service for those organisations that need it.

An organisation’s continuity capability cannot be considered reliable or effective until it has been tested. No matter how well designed a business continuity solution or plan appears to be, realistic exercises should be used to help identify issues and validate assumptions that may require attention. The goal of exercising and testing is the continuous improvement of business continuity management capabilities and readiness by ensuring lessons learned are integrated into prevention, mitigation, planning, training, and future exercising and testing activities.


Testing Business Continuity Plans

Validation / Testing is the Professional Practice within the business continuity management lifecycle that confirms that the business continuity programme meets the objectives set in the policy and that the plans and procedures in place are effective.

The purpose of Testing / Validation is to ensure that the business continuity solutions and response structure reflect the size, complexity, and type of the organisation and that the plans are current, accurate, effective, and complete. There should be a process in place to continually improve the overall level of organisational resilience.

An organisation’s continuity capability cannot be considered reliable or effective until it has been tested. No matter how well designed a business continuity solution or plan appears to be, realistic exercises should be used to help identify issues and validate assumptions that may require attention. The goal of exercising and testing is the continuous improvement of business continuity management capabilities and readiness by ensuring lessons learned are integrated into prevention, mitigation, planning, training, and future exercising and testing activities.


Data Risk in the Third-Party Ecosystem Infographic

An easy-to-understand presentation of the findings of the survey Data Risk in the Third-Party Ecosystem: Third Annual Study, sponsored by Opus, which helps readers understand the challenges companies face in protecting sensitive and confidential information shared with third parties and their third parties (Nth party risk).

The mitigation of third-party risk has become even more important because of the EU’s General Data Protection Regulation that went into effect May 25, 2018 and the California Privacy Act. 

The third-party ecosystem is defined as the many direct and indirect relationships companies have with third parties and Nth parties. These relationships are important to fulfilling business functions or operations. 

However, the research underscores the difficulty companies have in detecting, mitigating and minimizing risks associated with third parties that have access to their sensitive or confidential information. The results of the study are based on a survey of more than 1,000 IT and IT security practitioners in the US and UK who are directly familiar with their organizations’ approach to managing data risks created through outsourcing and who are involved in managing these risks.


A Summary of a Business Continuity Plan

The Business Continuity Plan, or BCP, is the document by which you manage your organisation after a critical loss of functions, resources or personnel. You hope you don’t need it, but without it, your organisation may never recover from disaster. 

P3 Audit do not analyse, design or implement Business Continuity Plans, but test each element of these plans critical to building business resilience. P3 Audit partner with the most trusted professional consultancies.


10 Stages of Auditing a Business Continuity Plan

Auditing is designed to verify that the business continuity process has been followed correctly, not that the solutions adopted are necessarily correct. 

Audits should be conducted at planned intervals to confirm that the organisation is conforming with its own business continuity policy and, as a third-party service provider, does not compromise the business continuity programs of its key stakeholders, including customers.

 

Cyber Security Breaches Survey 2021

The Cyber Security Breaches Survey 2021 was conducted by the UK Government in collaboration with Ipsos MORI.

This annual survey, conducted by the UK Government, aims to measure how UK organisations approach cyber security and the influence of breaches and attacks. Over the course of 3 months, more than 1,419 businesses were contacted, with 654 identifying that a breach or attack had taken place in the past year.

In summary, respondents displayed a variety of responses to the challenges of maintaining cyber security post-Covid, from those that have attempted to bury their heads in the sand to cyber-mature organisations that have maintained their commitment and experimented with new ways to increase security.

Of the organisations surveyed, only 15% carried out cybersecurity vulnerability audits and 12% proactively reviewed the cybersecurity risk posed by third-party service providers (suppliers).

Technology is enabling far greater and more affordable protection, and this is also true of testing processes and certification compliance.
