Third-party diligence is explicit or implied in every primary international regulation. The baseline expectation is that all vendors are being profiled, not only a select subset of processors and providers. As with all data privacy obligations, this is the responsibility of legal and compliance managers.
The Vendor Risk Profiling Service provides the most effective way to use international standards to simply and rapidly survey all vendors that are not currently being assessed by IT or other departments in your company. All surveys are built directly from international standards and proprietary research. The service enables unlimited survey distribution and easy identification of risk areas that require further review and resolution.
The Vendor Risk Profiling Service is COMPLIANT
- All surveys cover normal risk factors plus details about the types of sensitive personal and corporate data accessed, maintained, or stored.
- The Risk Profiling Survey enables broad distribution to otherwise “un-surveyed” vendors used globally to surface unknown risks.
- The Law Firm Risk Survey enables distribution to all law firms and employs the ACC Model Controls.
- The Comprehensive Risk Survey enables distribution to all high-risk vendors and is used where other “intensive” models are not in place.
- Our service delivery model automates survey delivery and reminder notices and centralizes all data collection, heat-mapping, and reporting.
- Our service delivery model eliminates tedious email survey distribution and error-prone, time-consuming spreadsheet reconciliation.
- Our proprietary technology enables each vendors’ point of contact to re-direct sections to appropriate experts, while still maintaining control and responsibility for submitting the completed surveys.
The Vendor Risk Profiling Service is DEFENSIBLE
- This service enables full coverage for all vendors, regardless of size or assumed risk level.
- Our technology eliminates internal “bandwidth” issues and enables full regulatory compliance.
- All vendor responses are centralized and maintained in structured formats for special analysis and reporting.
The Vendor Risk Profiling Service is REPEATABLE
- Our proprietary standards and technology enable full-scale re-assessing of any number of third parties with virtually no effort.
- Updated surveys are mapped to prior responses to provide “program maturity” standards for every vendor.