Our Goal
Assist a medium-sized (272 employees) defense contractor (the client) based in Northern California with developing a comprehensive Third-Party Risk Management (TPRM) program.
Arlington Security Portal
Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.
Challenges & Needs
The client was undergoing tremendous growth and, in turn, had developed contractual relationships with approximately 55 third parties. Senior management was concerned about growing data privacy and cybersecurity risks in terms of how their defense information was being shared with this growing list of third parties. Additional challenges included the following:
- No TPRM Program in Place: The client had little, if any, documented process for monitoring their growing list of third parties. No real due diligence was performed when on-boarding third parties, and no continuous monitoring initiatives were in place.
- No Documentation in Place: Along with having no formalized measures in place for TPRM, the client had essentially no documented information security policies and procedures.
- Weak System of Internal Controls: The client also lacked formality and structure in terms of having a sound grasp of internal controls and of how to establish, enforce, and monitor an actual system of internal controls.
- No Project Management Experience for Regulatory Compliance: None of the internal I.T. and operational staff had any history of managing a meaningful compliance project.
Our Solution
Arlington successfully implemented the following strategies and solutions:
- Met with senior leadership and provided a complete strategy and plan of attack for designing, deploying, and implementing a robust, results-driven TPRM program from the ground up.
- Met with key stakeholders within various departments and divisions, earning their acceptance and support for what would be an aggressive timeframe for project implementation and completion.
- Identified gaps and deficiencies within the client’s information security, cybersecurity, data privacy, H.R., and operational control environment, offering expert recommendations on remediation and next steps.
- Established contact and strong working relationships with all in-scope third-party vendors (e.g., managed security services providers).
Challenges Solved
- Implemented a true TPRM framework that successfully captured all external suppliers.
- Developed all required TPRM policy documentation.
- Conducted in-house training for all stakeholders on how to execute the TPRM program across all external suppliers.
Value Created
- Put in place a corporate culture that now understands, respects, and truly values the concept of TPRM and the need for continuously monitoring all external suppliers.
- TPRM, and the broader topic of regulatory compliance, is now viewed as a multi-dimensional value proposition that not only strengthens information security but also enhances business development opportunities, increases client satisfaction, and improves other related measures.
Why Arlington?
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security and compliance challenges – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.