Outsourcing work to industry creates a complex security issue for government agencies to manage because vendors are inherently trusted with agency mission functions, systems, and data. Because agencies lack direct control and ownership of their service provider’s operations and assets, they must rely on mature oversight capabilities supported by contracts and agreements to establish this accountability for implementing cybersecurity.

KCG provides agencies with a solution to managing this risk by developing third-party risk management programs. These programs establish processes and performance measurements validating that their vendors’ assurance levels are operating within the risk tolerance of the agency and its policies. We provide the following solutions in support of third-party risk management:

• Vendor Risk Management Programs
• Third-Party Risk Assessments
• Contract Review and Service Level Agreement Definition
• Cloud Security Assessments