WHAT IS THE THIRD-PARTY ASSESSMENT?
The Third-Party Assessment allows you to identify how your third-party service providers collect and use your organization's sensitive information, and to assess whether each vendor can safely and appropriately access, process, and store sensitive data.
WHY DO I NEED IT?
23 NYCRR 500.11(a) requires covered entities to evaluate the adequacy of their third parties' cybersecurity practices through periodic assessments to ensure the security of systems and Non-Public Information (NPI).
Companies operating in the Dubai International Financial Center (DIFC) should only use data processors that provide sufficient data security guarantees. The Dubai Financial Services Authority expects companies to assess their key third-party providers’ cybersecurity posture.
Article 28 of the GDPR requires controllers to only engage third-party processors who provide sufficient guarantees to implement appropriate technical and organisational measures to meet the requirements of the GDPR and ensure the protection of the rights of the data subject.
Companies cannot simply claim ignorance of vendors’ inappropriate practices as a defense. Contracts must stipulate privacy and security requirements, but companies must take sufficient action to ensure that those contractual requirements are being fulfilled. Make sure service providers implement reasonable security measures. Put it in writing. Verify compliance.
The SEC has made it clear that material cybersecurity risks and incidents, including those caused by third parties, should be disclosed to investors. Risks from vendors need to be addressed and constantly vetted and assessed.
Companies doing business with the U.S. federal government must comply with the NIST SP 800-171 framework. The FAR includes flow-down provisions for subcontractors with Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) in their information systems.
HOW DOES IT WORK?
We offer the only solution that quickly identifies which third-party service providers require comprehensive assessment according to key regulations.
The Third-Party Assessment is built upon globally recognized frameworks and regulatory guidelines and delivered through our unique service delivery model. This powerful solution eliminates manual, resource-intensive processes, enabling you to broaden the scope of your third-party risk management program while documenting and automating the entire process.
We provide the best practice standards and streamlined processes necessary to assess all vendors and surface hidden risks.
This service enables legal and compliance officers to comply with regulatory guidelines, while supporting IT efforts. The Third-Party Assessment is the most essential due diligence solution available.