contact us

Supplier evaluation

A clear view of your third-party risks and acquisition targets, with scoring, contractual requirements and actionable remediation plans.

Your performance, your image and sometimes your compliance depend on your third parties. We objectively evaluate your suppliers and acquisition targets, produce a score readable by all, let's frame contractual requirements and deliver remediation plans prioritized by risk and business impact.

I have a project

Why evaluate your suppliers now?

Les risques ne s’arrêtent pas à la porte de votre SI. Un incident chez un prestataire critique, un manquement contractuel, ou un faible niveau de maturité peut se traduire par une panne, une fuite de données ou une non-conformité. En structurant l’évaluation, vous anticipez les ruptures de service, sécurisez les relations commerciales et accélérez les due diligences en cas d’acquisition.

What we're looking at

Coverage

Business criticality, technical dependencies, security practices, incident management, business continuity, confidentiality, access management, cloud posture, cascading outsourcing and contractual alignment.

Depth

Targeted questionnaires, evidence reviews, flash interviews, public surface scans, reading of safety appendices and testing of existing exercises (if available).

Our method

Scoping & criticality

We cartographie les fournisseurs, on qualifie l’importance métier et on fixe les seuils d’exigence.

Collection & analysis

We collecte juste ce qu’il faut (questionnaire, preuves, annexes), on vérifie et on pondère par le contexte.

Scoring & prioritization

On attribue un overall score et des sous-scores thématiques, puis on isole les écarts majeurs.

Remediation & follow-up

On transforme chaque écart en actions datées, on propose des clauses et on planifie le re-test.

Scoring

Visit overall score (0-100) indicates the residual risk level at a glance.

From thematic sub-scores (governance, security, incidents, continuity, data, tier 2 suppliers) make it possible to explain the results to the business and legal teams. Thresholds are adapted to your context: a critical operator does not have the same expectations as a non-sensitive supplier.

We deliver the score, the evidence to back it up, the key deviations, and the recommendations sorted by impact and effort.

Taking action

Envie d’une vision claire sur vos tiers prioritaires ? On démarre par un lot de 5 à 10 fournisseurs pour poser le scoring, tester les clauses et enclencher les premières remédiations.

contact us

Our blog

Discover the latest news and trends in management and compliance.

The Domino Effect of Cyber. Why EASA and Part IS require you to monitor your suppliers.

CaRE program - Area 2: funding for your medical-social establishment.

Protecting workstations and infrastructure: a vital challenge for hospitals and healthcare associations

Discover all our articles
en_US
fr_FR de_DE it_IT en_US

Our services

RM EBIOS risk analysis

Preparing for certification & compliance

Safety awareness campaigns

SSI policies & charters

ISO 42001 & IA ACT support

Time-sharing CISO

Supplier evaluation

Organizational audits

Technical audits

Phishia CTI

Phishia SOC

PRA / PCA

Crisis management exercise

Employee support

Post-Incident Assistance and Remediation

Who we are

Join us

Our blog

Contact us