Cameron Garrity No Comments

CastleHill Expands its Assessment Services by Powering ProcessUnity’s Assessment as a Service Offering

As the longest-tenured partner, CastleHill is proud to execute the assessment service activities at the core of ProcessUnity’s newly announced Assessment as a Service offering. At CastleHill, we have been providing outsourced assessment services to our own clients under our “GRCaaS” (GRC as a Service) offering for several years. Expanding our delivery model to support ProcessUnity’s new offering to their existing and prospective clients was a natural extension of our services, providing tremendous value to everyone involved.

We are excited to expand our partnership with ProcessUnity and to support their goal of delivering more value-added services to their existing and future customers.

Find information on ProcessUnity’s Assessment as a Service offering at this link.

Find information on CastleHill’s GRC as a Service (GRCaaS) offering at this link.

Key Benefits of Outsourcing TPRM Assessment & Program Activities

Leveraging CastleHill’s experience in third-party risk management, our services provide built-in processes, resource continuity, program scalability, and in-depth technical and domain expertise, all at an affordable price point. With CastleHill, you can count on efficient and effective services that shorten the assessment lifecycle, identify and mitigate risk, and deliver peace of mind.

Additionally, outsourcing frees your internal resources from the administrative and technical burdens of managing the day-to-day activities of a TPRM program, allowing them to focus on managing risk and the many other activities core to the organization. We provide the technology, expertise, and resources needed to make your program a success.

What you get with Assessment as a Service

Vendor Onboarding and Risk Tiering

  • Direct support for your internal vendor relationship managers
  • Gating and Inherent Risk Questionnaire management
  • OFAC and Credit Checks (utilizing the client’s current contracted services/tools)
  • Other client-specific onboarding/compliance checks

Due Diligence Assessment Execution

  • Scoping and issuance of due diligence questionnaires 
  • Direct support for your vendors in completing in-process assessments 
  • Review of response quality and supporting documentation 
  • Vendor follow-up for response gap remediation  
  • Document and record findings 
  • Assessment closeout and logging of issues 
  • Final report issuance 

How is Assessment as a Service Priced?

Assessment as a Service is an affordable fixed-cost service. Service pricing is calculated based on a one-time setup fee and the number of assessments to be performed on your organization’s behalf. 

One-time setup fee that covers:

  • Review and standardization of workflows and hand-offs 
  • Establishment of specific review requirements and closeout procedures 
  • Build out of assessment service reports 

Assessment Packs by Type:

  • Inherent Risk Profile (100 minimum) 
  • SIG Lite or Comparable Scope (20 minimum) 
  • SIG Core or Comparable Scope (20 minimum) 
  • Business Associate Assessment (200 minimum) 

Add-on services, including client-provided questionnaire configuration, custom questionnaire development, and non-standard assessment response analysis, are available for an additional cost.  

Learn more about the Assessment as a Service offering from CastleHill and ProcessUnity by contacting us at

Cameron Garrity

The Impact of a New Administration on Cybersecurity

On January 20th, a new administration was sworn into office, and with this comes questions for many, especially those wondering how Joe Biden will tackle cybersecurity problems.

After the SolarWinds breach, Biden went on to say, “We’re still learning about the extent of the SolarWinds attack and the vulnerabilities that have been exposed.” He later added, “This attack constitutes a grave risk for national security.” Biden’s team has yet to release specific orders or policies related to cybersecurity, but he has mentioned it is possible we will need to spend billions of dollars to secure cyberspace from outside threats.

What to expect from the New Administration

To start, the Biden administration will need to fill a very important leadership role: the CISA director. By selecting the right leader for this role, the United States would be poised to build deeper relationships with the private sector en route to confronting the issue of cybersecurity.

Biden’s response to the SolarWinds hack will set the tone for the new administration’s cyber policies moving forward. It is clear there is a different approach laid out by the Biden administration as they attempt to re-create and re-enter global agreements that will help address some of our security issues.

The US Senate confirmed President Biden’s choice of Lloyd Austin for Defense Secretary on January 22nd, 2021. In his hearing, Austin quickly confirmed his priority for the ongoing review of the Nation’s cybersecurity policies.

Austin indicated that the U.S. needs to have a better focus on cybersecurity moving forward. “I believe the Department must effectively counter these campaigns by taking proactive action to: generate insights about the adversary’s cyber operations and capabilities; enable its interagency, industry, and international partners to create better defenses, and; acting, when necessary, to disrupt adversary cyber actors and halt malicious activities,” Austin said.

The Cyber Super Team

Biden has already hand-picked a “world class” cybersecurity team that has received praise from former DoD officials. The team will consist of national security veterans with extensive experience in cybersecurity.

Biden must select a leader for a cyber-focused office due to a new law that requires the president to name someone who will report to the new National Cyber Director. Headlining the potential candidates for the cyber director role is Jen Easterly, a former NSA official and current head of resilience at Morgan Stanley. Easterly was a member of the Obama Administration and helped create U.S. Cyber Command, the Nation’s cyber warfare unit.

Securing Cyberspace

Securing our cyberspace should be priority number one for the Secretary of Defense, as this poses an immediate national security risk. The information of the United States and its people is at risk. The Biden Administration will have a challenging task ahead of them as they try to get a grip on data breaches and secure our cyberspace. A secure cyberspace will lead to a secure country, and it is paramount that the new administration works closely with the private and global sectors to ensure this happens swiftly.

What Should I Do Right Now?

With cybersecurity and information security initiatives at the forefront of protecting the valuable and sensitive data your organization manages, often with third parties, a vigorous internal and external assessment activity is prudent. Looking at your current risk management programs and understanding your strengths and weaknesses allows you to prioritize your initiatives. For example, how strong is your third-party risk management (TPRM) program, and is there a need to add new content to your assessments? Should you run supplementary assessments against your critical vendor population to determine whether your vendors used SolarWinds software, or whether they are adequately managing the newly identified risks related to working from home? Internally, are your people properly trained to monitor and react to newly identified threats? Is there a straightforward process in place for managing newly identified risks? The answers to all of these questions should be discussed candidly within the organization, with continuous improvement in mind. Sometimes, self-reflection is the best starting point!

If your organization is in need of Third-Party Risk Management capabilities, such as supplemental assessments, reach out to us at or visit us at

Cameron Garrity

Global TPRM: Cross Industry Congress

We’re proud to be sponsoring CeFPro’s Global TPRM: Cross Industry Congress, taking place virtually on 8-9 December.

Hear from 25+ industry professionals from a diverse range of sectors as they share their knowledge across three individual workstreams: Third Party Risk & Continuity, Technology & Security, and Supply Chain & Resilience. In addition, Global TPRM features keynote and plenary sessions covering Supply Chain Management, Maturing TPRM, and Global Trends.

Network with us at our virtual booth, and view our products, solutions and whitepapers!

Secure your complimentary pass* at by registering online at

*Complimentary passes are only available to those representing a regulated institution or government body.


Cameron Garrity

The CastleHill Assessment Portal Webinar 2020

On Thursday, November 19th at Noon (ET), internationally recognized GRC expert Tim Carbery will lead a live one-hour webinar on

Reducing Costs and Increasing Speed Collecting Data for RSA Archer.

The CastleHill Assessment Portal (“CAP”) for RSA Archer is designed to make respondent interactions and data collection simple and efficient, with advanced features that go well beyond what can be done using native Archer functionality.

Eliminate decentralized communication, limited workflows, and manual data feeds. The CAP allows secure process management and collection of vendor-provided data through a professionally developed integration layer that segregates systems through a seamless, transparent, and lightweight application.

Reduce Costs and Simplify Assessment Responses

  • Option to Include Previous Response data as part of the reassessment process
  • Affordable cloud-based solution
  • Intuitive user-friendly interface
  • Supports both internal and external assessments
  • Streamlines interactions between assessors and respondents
  • Log findings and issues right from the portal
  • Automatic parent/child question display
  • Analysts can review assessments and interact with respondent
  • Allows analysts to add internal notes for each question, not visible to respondent
  • Allows reviewers to add Feedback for each question, visible to Respondent and requiring follow-up response
  • Automate audit trails in the assessment process
  • Eliminates the need for spreadsheets and email correspondence
  • Seamless integration with RSA Archer
  • Respondents operate outside of RSA Archer, providing added security
  • Single Sign-On (SSO) for internal users
  • Mobile friendly
  • Perform 4th Party Assessments


About CastleHill

CastleHill Managed Risk Solutions offers professional advisory services and technology implementations, as well as managing your GRC programs and processes. CastleHill’s expert teams of risk and compliance professionals are practitioners first, coming directly from the industries they serve on a daily basis. Whether you need pure advisory services or end-to-end solutions, CastleHill can find the right model for your organization, so you can focus on your core competencies and responsibilities.



Cameron Garrity

Coffee With Wolters Kluwer and CastleHill

Join CastleHill and Wolters Kluwer for a virtual event and receive a free latte on us! Tim Carbery will lead the talk for CastleHill as we discuss how banking regulations have been impacted by COVID-19.


Register here: