23 NYCRR 500 requires companies to implement a risk-based third-party diligence program to ensure all Third-Party Service Providers appropriately handle & protect nonpublic information. Companies must routinely and systematically assess all third-parties, including presumed low-risk third-parties, to demonstrate effective diligence & document evidence of controls.
We offer the only solution that quickly identifies which third-parties have access to NPI and accordingly, require periodic risk assessment.
The Third-Party Assessment is built upon globally recognized frameworks and regulatory guidelines and delivered through our unique service delivery model. This powerful solution eliminates manual, resource-intensive processes, enabling you to broaden the scope of your third-party risk management program while documenting and automating the entire process.