Subcontractor Compliance audit
Assessing the security of subcontractors’ information systems!
What is a SUBCONTRACTOR COMPLIANCE AUDIT?
Security is above all a question of resources and processes, but also of clear, transparent information for our customers. It’s essential that you make stringent demands of your subcontractor (e.g. hosting provider) in terms of security, availability and operating conditions.
The purpose of such an audit is not to provide certification against a particular standard, but to assess the state of your subcontractor’s information systems security organization in relation to technical and regulatory standards, as well as the contract that binds it to your organization. In other words, what is its “cyber maturity” in terms of the work it has carried out on your behalf? The audit must provide evidence that the operational reality corresponds to what has been signed between you and your subcontractor, and that it fully meets your security requirements – including data protection aspects.
After a documentary analysis (Information System Security Policy, Quality Assurance Plan, Security Assurance Plan, Backup Plan, etc.), interviews and on-site verifications of the subcontractor’s evidence are carried out.