Tier 1 Cyber Arms Customers with OneTrust Vendorpedia to Tackle CMMC Supply Chain Operations
Tier 1 Cyber, an Alexandria, Virginia-based consulting and IT services firm, was founded to bring the expertise gained from protecting the nation’s most vital intelligence and military assets to the commercial sector. The company’s mission is to deliver world-class cybersecurity services to small and mid-size businesses that require advanced data protection.
As a trusted consultancy with 20+ years of team experience supporting clients in implementing, refining, and auditing Defense Federal Acquisition Regulation Supplement (DFARS), National Institute of Standards and Technology (NIST), and related standards, Tier 1 Cyber was tasked with helping clients prepare for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC).
Closing Ranks on a New Cybersecurity Standard
The CMMC was created by the DoD because the Pentagon identified the cybersecurity of its supply chain as a risk to the economy and national security. To combat the threat, all companies doing business with the DoD (over 300,000) are required to become CMMC certified.
In order to compete for and win new contracts, our DoD clients must become certified under CMMC. As part of this new requirement, our clients will have to ensure that their entire supply chain, which includes (1) vendors that support business processes and (2) subcontractors, is CMMC certified.
Before the CMMC goes into effect, the Tier 1 Cyber team is setting up workstreams to ensure their clients have a good baseline level of risk management and compliance in place. Tier 1 Cyber quickly realized the need for a technology solution to automate operations and serve as a central repository for clients' supply chain data.
Partnering with OneTrust Vendorpedia on the Front Lines of CMMC
To support their clients' CMMC efforts at scale, Tier 1 Cyber partnered with OneTrust Vendorpedia, using the third-party risk management platform to streamline and automate third-party risk assessment and due diligence.
Vendorpedia allows Tier 1 Cyber, and their clients, to evaluate the cybersecurity preparedness of the supply chain. With Vendorpedia, Tier 1 Cyber is able to evaluate a supplier’s CMMC process and practice maturity, mitigate associated risks, add business context to supplier risks, manage key contract terms, access pre-populated research via Vendorpedia’s Global Risk Exchange, monitor supplier risk and performance, and ultimately save money and reallocate resources.
Tier 1 Cyber leverages Vendorpedia as part of a CMMC evaluation and management program for vendors and subcontractors, specifically to:
1. Create a customized vendor and subcontractor evaluation program for the DoD contractor, with prioritization of vendors by criticality;
2. Support onsite verification of subcontractor’s compliance with CMMC (the onsite verification is a differentiator and a key element to the verification process);
3. Evaluate vendors, flag any issues, and guide CMMC evaluation of vendors;
4. Report findings and work with the DoD contractor, vendors, and subcontractors to remediate any deficiencies; and
5. Grade vendors' and subcontractors' preparedness against each other and track compliance for the DoD contractor so it can rest assured that the vendor is CMMC compliant and can be bid on contracts.
Vendorpedia allows Tier 1 Cyber to independently verify many CMMC compliance requirements without having to perform a full assessment of vendors that support corporate business processes. As such, Vendorpedia increases efficiency and greatly reduces the cost of evaluating the vendors.
Leveraging an Elite Technology Solution for CMMC and Beyond
Companies are prioritizing the evaluation of their key contractors and looking for tools and programs to independently verify their vendors and subcontractors in an efficient and non-intrusive manner. Combining the Vendorpedia platform with a Tier 1 Cyber CMMC vendor and subcontractor verification program has proved to be an ideal combination to ensure CMMC compliance of the entire supply chain.
As Tier 1 Cyber continues to support CMMC operations, they have their sights set on implementing OneTrust GRC, an integrated risk management solution to identify, track, remediate, and monitor risk across IT infrastructures, vendor relationships and operations for a complete enterprise view of risk across a business’s profile.
Vendorpedia has been a force multiplier for Tier 1 Cyber clients, and to say that it has utility is an understatement. Tier 1 Cyber looks forward to a continued partnership with OneTrust Vendorpedia and will continue to utilize the solution in CMMC client engagements and beyond.