Information Security Forum addresses third-party security

The Third Party Security Assessment Tool provides information on requirements and controls

The Information Security Forum (ISF) has released a new tool designed to help enterprises work with the most secure third-party suppliers, particularly those based in the cloud.

The ISF said that the use of third-party solutions is on the rise, and that companies have a lot of new issues to cover, particularly when it comes to the security of personal information.

"Identifying and validating the security arrangements for a single third party requires significant work," said Adrian Davis, senior research consultant at the ISF.

"When you consider that large organisations will deal with hundreds, and in some cases thousands, of service providers and partners, it becomes a major undertaking requiring sufficient resources and enhanced security controls."

The ISF has released an assessment tool exclusively for its members designed to make the process even easier. The Third Party Security Assessment Tool will help firms to assess the security of the third-party solutions they employ, according to the organisation, and lead them through a typically difficult-to-navigate path to adequate cover.

"There is a tremendous business value in third-party relationships, and the lines of communication need to be open and constant between end-user organisations and third-party communities," said Howard Schmidt, president and chief executive at the ISF.

"With the Third Party Security Assessment Tool we are able to provide the critical information needed to maintain a constant set of requirements and controls."