An Arlington Case Study

TPRM Case Study

Our Goal

Assist a medium-sized (272 employees) defense contractor (client) based in Northern California with developing a comprehensive Third-Party Risk Management (TPRM) program.

Arlington Security Portal

Get access to 100+ NIST RMF security and privacy policies & procedures, programs, and plan templates.

Challenges & Needs

The client was undergoing tremendous growth and, in turn, had developed contractual relationships with approximately 55 third parties. Senior management was concerned about growing data privacy and cybersecurity issues in how their defense information was being shared with this growing list of third parties. Additional challenges included the following:
  • No TPRM Program in Place: The client had little, if any, documented process for monitoring their growing list of third parties. No real due diligence was performed when onboarding third parties, and no continuous monitoring initiatives were in place.
  • No Documentation in Place: Along with having no formalized measures in place for TPRM, the client had essentially no documents in place regarding information security policies and procedures.
  • Weak System of Internal Controls: The client also lacked formality and structure in its grasp of internal controls and of how to establish, enforce, and monitor an actual system of internal controls.
  • No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had a history of managing any type of meaningful compliance project.

Our Solution

Arlington successfully implemented the following strategies and solutions:
  • Met with senior leadership and provided a complete strategy and plan-of-attack for designing, deploying, and implementing a robust, results-driven TPRM program from the ground up.
  • Met with key stakeholders within various departments/divisions, earning their acceptance and support for what would be an aggressive timeframe for project implementation and completion.
  • Identified gaps and deficiencies within the client’s information security, cybersecurity, data privacy, and H.R. and operational control environment, offering expert recommendations on remediation and next steps.
  • Established contact and strong working relationships with all in-scope third-party vendors (i.e., managed security services providers).

Challenges Solved

  • Implemented a true TPRM framework that successfully captured all external suppliers.
  • Developed all required TPRM policy documentation.
  • Conducted in-house training for all stakeholders on how to apply the TPRM program to all external suppliers.

Value Created

  • Put in place a corporate culture that now understands, respects, and truly values the concept of TPRM and the need for continuously monitoring all external suppliers.
  • TPRM, and the broader topic of regulatory compliance, was now viewed as a multi-dimensional value proposition that helped not only with stronger information security, but also with enhanced business development opportunities, increased client satisfaction, and other related measures.

Why Arlington?

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.
