The risk posed by third-party or cloud vendors can be difficult to assess. Third-party risk also varies by industry and regulatory environment. Increasingly, financial regulators are concerned about the risk third-party vendors can pose to consumers and have been requiring more due diligence to be performed.
WHO’S IT FOR?
Any organization that is using a third-party vendor to perform, host, develop or manage any business-critical operation, application or function. If your organization is still evaluating third-party or cloud vendors, or is in the process of drafting a service level agreement (SLA) with a third-party vendor, the CipherTechs 3PV™ Assessment would offer you an opportunity to use the SLA to close any gaps identified by the 3PV™ Assessment.
HOW IS IT PERFORMED?
During a 3PV™ Assessment we will:
- Conduct a thorough risk assessment and perform the due diligence necessary to identify and understand any risks posed by the relationship with the third party
- Evaluate the type of data your organization is sending to the third party and whether the appropriate data protections are in place
- Verify that the third-party vendor understands and is capable of complying with any compliance drivers or regulatory concerns
- Request and review all policies, procedures, internal controls and training materials
- Identify any risks posed by shared infrastructure or specific SaaS cloud services
- Identify and inventory the locations or jurisdictions where your data is stored
- Ensure your incident response policy accurately reflects the risk of the third party