contact us

Supplier evaluation

A clear view of your third-party risks and acquisition targets, with scoring, contractual requirements and actionable remediation plans.

Your performance, your image and sometimes your compliance depend on your third parties. We objectively evaluate your suppliers and acquisition targets, produce a score readable by all, let's frame contractual requirements and deliver remediation plans prioritized by risk and business impact.

I have a project

Why evaluate your suppliers now?

Risks don't stop at your IS door. An incident at a critical service provider, a breach of contract, or a low level of maturity can result in a breakdown, a data leak or non-compliance. By structuring your assessment, you can anticipate service interruptions, secure commercial relations and speed up due diligence in the event of an acquisition.

What we're looking at

Coverage

Business criticality, technical dependencies, security practices, incident management, business continuity, confidentiality, access management, cloud posture, cascading outsourcing and contractual alignment.

Depth

Targeted questionnaires, evidence reviews, flash interviews, public surface scans, reading of safety appendices and testing of existing exercises (if available).

Our method

Scoping & criticality

We cartography suppliers, we qualify business importance and set requirement thresholds.

Collection & analysis

We collection just what's needed (questionnaire, proofs, appendices), we check and weight by context.

Scoring & prioritization

A overall score and thematic sub-scores, then isolate the major differences.

Remediation & follow-up

Each gap is converted into a actions clauses are proposed and re-testing is scheduled.

Scoring

Visit overall score (0-100) indicates the residual risk level at a glance.

From thematic sub-scores (governance, security, incidents, continuity, data, tier 2 suppliers) make it possible to explain the results to the business and legal teams. Thresholds are adapted to your context: a critical operator does not have the same expectations as a non-sensitive supplier.

We deliver the score, the evidence to back it up, the key deviations, and the recommendations sorted by impact and effort.

Taking action

Want a clear view of your priority third parties? We start with a batch of 5 to 10 suppliers to set the scene. scoring, test the clauses and engage the first remedies.

contact us

Our blog

Discover the latest news and trends in management and compliance.

The Domino Effect of Cyber. Why EASA and Part IS require you to monitor your suppliers.

CaRE program - Area 2: funding for your medical-social establishment.

Protecting workstations and infrastructure: a vital challenge for hospitals and healthcare associations

Discover all our articles
en_US
fr_FR de_DE it_IT en_US

Our services

RM EBIOS risk analysis

Preparing for certification & compliance

Safety awareness campaigns

SSI policies & charters

ISO 42001 & IA ACT support

Time-sharing CISO

Supplier evaluation

Organizational audits

Technical audits

Phishia CTI

PRA / PCA

Crisis management exercise

Employee support

Post-Incident Assistance and Remediation

Who we are

Join us

Our blog

Contact us