PR.AT-03

Have you established a formal program to ensure third-party stakeholders (suppliers, customers, partners) understand their cybersecurity roles and responsibilities?

Explanation

This question assesses whether your organization has implemented structured processes to educate and inform external parties about their security obligations when accessing or handling your systems and data. Effective third-party security awareness helps prevent incidents caused by external stakeholders who may not be familiar with your security requirements or who might inadvertently introduce risks. Evidence could include: third-party security training materials, signed security responsibility acknowledgments, onboarding documentation for partners that includes security responsibilities, security requirements in contracts, or records of security awareness sessions conducted with external stakeholders.

Context

Function: PR: PROTECT
Category: PR.AT: Awareness and Training
Sub-Category: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub