Supplier evaluation
A clear view of the risks associated with your third parties and acquisition targets, with scoring, contractual requirements, and actionable remediation plans.
Your services, your image, and sometimes your compliance depend on your third parties. We objectively evaluate your suppliers and acquisition targets, produce a score that is readable by all, frame the contractual requirements, and deliver concrete remediation plans, prioritized by risk and business impact.
Why evaluate your suppliers now?
Risks don’t stop at your IT department’s door. An incident at a critical service provider, a breach of contract, or a low level of maturity can result in a breakdown, data leak, or non-compliance. By structuring the evaluation, you can anticipate service disruptions, secure business relationships, and speed up due diligence in the event of an acquisition.
What we look at
Coverage
Business criticality, technical dependencies, security practices, incident management, business continuity, confidentiality, access management, cloud posture, subcontracting, and contractual alignment.
Depth
Targeted questionnaires, evidence reviews, flash interviews, public surface scans, reading of security appendices, and testing of existing exercises (if available).
Our method
Scoping & criticality
We map suppliers, assess business importance, and set requirement thresholds.
Collection & analysis
We collect only what is necessary (questionnaires, evidence, appendices), verify it, and weigh it according to context.
Scoring & prioritization
We assign an overall score and thematic sub-scores, then isolate major discrepancies.
Remediation & follow-up
We transform each discrepancy into dated actions, propose clauses, and plan for retesting.
Scoring
The overall score (0–100) provides an at-a-glance indication of the level of residual risk.
Thematic sub-scores (governance, security, incidents, continuity, data, tier 2 suppliers) help explain the result to business units and legal professionals. The thresholds are tailored to your context: a critical operator does not have the same expectations as a non-sensitive supplier.
We deliver the score, the evidence behind it, key gaps, and recommendations ranked by impact and effort.
Take action
Want a clear view of your priority third parties? We start with a group of 5 to 10 suppliers to establish the scoring, test the clauses, and initiate the first remediation measures.
Our articles
Discover the latest news and trends in governance and compliance.
