A CipherTechs 3PV™ Assessment assists a business to ensure that selected third-party vendors are performing contractual requirements or meet industry cyber security regulations or standards.
If an organization does not know how secure their third-party vendors are, then future breaches may happen downstream if the third-party vendor is the source of the issues due to not having a strong cyber security program.
Who’s it for
Any organization who is using or a third-party vendor to perform, host, develop or manage any business-critical operation, application or function and had contractual relationships. If your organization is still evaluating third-party or cloud vendors, developing a third-party vendor management program, or is in the process of drafting a service level agreement (SLA) with a third-party vendor, or performs regular reviews of your third-party vendors, the CipherTechs 3PV™ Assessment would offer you an opportunity to use the SLA to close any gaps identified by the 3PV™ Assessment.
How is it performed
Depending upon the organizational objectives during a 3PV™ Assessment we will
- Conduct a thorough risk assessment and perform the due diligence necessary to identify and understand any risks posed by the relationship with the third-party
- Evaluate the type of data your organization is sending to the third-party and whether the appropriate data protections are in place
- Verify that the third-party vendor understands and is capable of complying with any compliance drivers or regulatory concerns
- Request and review all policies, procedures, internal controls and training materials
- Identify any risks posed by shared infrastructure or specific SaaS cloud services
- Identify inventory of locations or jurisdictions where your data is stored
- Ensure your incident response policy accurately reflects the risk of the third-party
- Or evaluation the third-party vendor against your contractual requirements and standards.