Answering Risk Requests from Third-Party Partners with Standardized Documentation and Response

Risk Requests, risk management frameworkAs CISOs become increasingly aware of the risks surrounding third-party relationships – and with a shift in focus towards supply chain risk management – there is mounting pressure from partners and clients to maintain a security posture centered on a mature information security program.

In order to demonstrate compliance with these goals to the satisfaction of shareholders, companies are fulfilling their due diligence with the use of questionnaires, required documentation and evidence of security controls. However, the burden of proof can be overwhelming.

Additionally, companies who are just beginning the shift towards Third-Party and supply chain security can find themselves inundated with requests for documentation from their clients and partners, often submitted with challenging time constraints.

Without a standardized response, fielding these requests is a challenge. So what’s the solution?

Securicon’s Approach to Due Diligence Requests

Securicon provides a streamlined response protocol allowing companies to demonstrate due diligence in key areas of information security program documentation. This “response” package simplifies report generation by cutting down on preparation time, providing a template for assessment and establishing clear communication policies.

We provide several areas of support to clients who struggle with these types of requests:

  • Guidance for existing third-party risk request processes
  • Establishment of documentation and evidence to share with partners
  • Creation or standardization of questionnaires based on company standards
  • Methodology to update and share content as security posture develops over time

Managing and responding to your third-party requests can be overwhelming and places undue burdens on internal resources. To maintain a competitive advantage and solidify established business relationships, quick turnaround is nevertheless an imperative.

Let Securicon ease this challenge and all your other Third-Party Risk Management pain points. For more information on these services and others, please contact Bo Wheeler at

Click here for more information on Securicon’s GRC offerings.


Jason Pellino is a senior level cyber security consultant with success in developing and implementing information security programs while providing leadership and guidance pertinent to information security program governance; risk management and compliance for local enterprises and global environments.  In Jason’s down time, he also likes to dabble with new audio\visual gadgets; barbecuing; and being a youth football coach in his town of Cumming, GA.

Securicon offers comprehensive digital security and compliance solutions to organizations. Our services include penetration testing and social engineering assessments which are trusted by critical infrastructure companies across the U.S and other critical organizations to find vulnerabilities and maximize safety. In 2019, there’s no room to be lax about security – contact us today!