This message was posted by a user wishing to remain anonymous
Team,
I'm interested in your experience with outsourcing the InfoSec review portions of the Due Diligence & Risk Assessment.
We are looking for some scalable/on-demand assistance for our InfoSec SME team.
Have you used KY3P, TruSight, or a similar provider?
What was the impact/saving, if any, to your SME team? e.g. allowed my SME team to focus on the 20% with material follow-ups
Was it a risk based assignment of work to the outsource? e.g. our lowest inherent risk is always outsourced, our highest inherent risk remains in-house.
Did their review standards fall short, meet, or exceed you own?
Any other feedback welcome.