Enterprise Third Party Risk

Enterprises

Independent supplier assurance.

Supplier questionnaires have a place in vendor management, but they have a fundamental limitation: the answers are self-reported by your supplier.

There is no independent verification, no evidence review, and no accountability if the picture presented does not reflect reality. For enterprises managing a broad supplier base, that gap is a meaningful exposure.

Third-party risk management is now one of the most closely scrutinised areas in Australian cyber security governance.

Regulators, insurers, and boards are asking organisations to demonstrate not just that they have cyber security controls in place internally, but that the suppliers and vendors they rely on do too.

Requiring ACE certification as part of your supplier onboarding or renewal process is a practical step to reduce third-party risk in your supply chain.

What ACE Gives Enterprises

  • a more credible basis for supplier assurance, helping with third-party risk management
  • independent certification by Bureau Veritas
  • a clearer alternative to self-declaration alone
  • a tiered model that can work across a varied supplier base
  • confidence that suppliers have governance in place, not just technical controls
  • a future public verification register once certifications are live
  • stronger confidence when discussing supplier cyber risk internally

Don't take the supplier’s word.

Evidence-based assessment, certified by Bureau Veritas

Common Questions

We already require ISO/IEC 27001 from some suppliers.

ISO/IEC 27001 remains a rigorous and respected standard. ACE is intended to sit alongside existing assurance models and provide a more practical pathway for suppliers that are unlikely to achieve full ISO/IEC 27001 certification in the near term.

We already use supplier questionnaires.

Questionnaires still reflect what a supplier says about itself. ACE is intended to provide a more credible, independently reviewed basis for assurance to reduce your third-party risk.

We already have our own third-party risk framework.

ACE is designed to complement existing supplier risk processes, not replace them.

Image: combined diagonal image representing the types of businesses in a supply chain that Australian Cyber Essentials (ACE) can help protect: customer service / call centres, warehouse and logistics, and technical and IT third parties.