Eco-System Resilience
- External Dependencies Management Assessment

External Dependencies Management Assessment

The External Dependencies Management Assessment is a methodology that has been developed in the United States by the Department of Homeland Security in partnership with Carnegie Mellon University's Software Engineering Institute. It is widely used in the US Critical Infrastructure.

The External Dependencies Management (EDM) Assessment can be performed as a self-assessment or in a guided assessment process.

EDM Assessment

The EDM Assessment is based on the structure and method of the Cyber Resilience Assessment (CRA). It focuses on the external dependencies of a critical business service.

The EMD Assessment generates a report with explanatory and background material derived from the CERT Resilience Management Model. This can be used to improve in certian area's.

Three Area's

The EDM Assessment is divided in three area's:

1
. Relationship Formation: to assess how the organisatoin evaluates and controls the risks of relying on external entities before entering into relationships with them.
2. Relationship Management and Governance: to assess how the organisation manages ongoing relationships to maintain the resilience of the critical service and mitigate dependency risk.
3. Service Protection and Sustainment: to assess how the organisation accounts dependencies as part of its operational activities around managing incidents, disruptions and threats.

Maturity Indicator Levels

The EDM distinguishes five maturity indicator levels that are assessed across all ten domains. The performance scale depicts capabilities divided into five levels:
1. Complete
2. Performed
3. Managed
4. Measured
5. Defined

These Maturity Indicator level questions examine the institutionalisation of practices within an organisation.

The EDM process

The EDM Assessment can be performed as a self-assessment or in a guided assessment process.

The process is organised in steps:
Step 1: Scope and prepare the assessment
Step 2: Perform the assessment
Step 3: Review and debrief the outcomes of the assessment.

We can help you organise and guide the EDM Assessment process: contact us for more information.

Resources

More information about the External Dependencies Management Assessment methodology and the question set and guidance can be found on the website of the US Critical Infrastructure Security Agency (CISA):

Downloadable EDM Assessment Resources from the CISA website
September 2021