contact us

Supplier evaluation

A clear view of your third-party risks and acquisition targets, with scoring, contractual requirements and actionable remediation plans.

Your performance, your image and sometimes your compliance depend on your third parties. We objectively evaluate your suppliers and acquisition targets, produce a score readable by all, let's frame contractual requirements and deliver remediation plans prioritized by risk and business impact.

I have a project

Why evaluate your suppliers now?

Risks don't stop at your IS door. An incident at a critical service provider, a breach of contract, or a low level of maturity can result in a breakdown, a data leak or non-compliance. By structuring your assessment, you can anticipate service disruptions, secure business relationships and speed up due diligence in the event of an acquisition.

What we're looking at

Coverage

Business criticality, technical dependencies, security practices, incident management, business continuity, confidentiality, access management, cloud posture, cascading outsourcing and contractual alignment.

Depth

Targeted questionnaires, evidence reviews, flash interviews, public surface scans, reading of safety appendices and testing of existing exercises (if available).

Our method

Scoping & criticality

We map suppliers, qualify their business importance and set requirement thresholds.

Collection & analysis

Just collect what you need (questionnaire, proofs, appendices), check and weight by context.

Scoring & prioritization

We assign an overall score and thematic sub-scores, then isolate the major discrepancies.

Remediation & follow-up

We transform each deviation into dated actions, propose clauses and plan the re-test.

Scoring

Visit overall score (0-100) indicates the residual risk level at a glance.

From thematic sub-scores (governance, security, incidents, continuity, data, tier 2 suppliers) make it possible to explain the results to the business and legal teams. Thresholds are adapted to your context: a critical operator does not have the same expectations as a non-sensitive supplier.

We deliver the score, the evidence to back it up, the key deviations, and the recommendations sorted by impact and effort.

Taking action

Want a clear view of your priority third parties? We start with a batch of 5 to 10 suppliers to establish the scoring, test the clauses and initiate the first remedial actions.

contact us

Our blog

Discover the latest news and trends in management and compliance.

All you need to know about ISO 27001

NIS2 & DORA: EU obligations, key differences, concrete roadmap

IEC 62443: ISO27001 adapted... for industry

Discover all our articles
en_US
fr_FR de_DE it_IT en_US

Our services

RM EBIOS risk analysis

Preparing for certification & compliance

Safety awareness campaigns

SSI policies & charters

ISO 42001 & IA ACT support

Time-sharing CISO

Supplier evaluation

Organizational audits

Technical audits

Phishia CTI

Phishia SOC

PRA / PCA

Crisis management exercise

Responses to incidents

Who we are

Join us

Our blog

Contact us