Third-party Risk Assessments

A CipherTechs 3PV™ Assessment helps a business ensure that selected third-party vendors are performing contractual requirements or meeting industry cyber security regulations or standards.

If an organization does not know how secure its third-party vendors are, future breaches may happen downstream when a third-party vendor without a strong cyber security program is the source of the issues.

Who’s it for

Any organization that uses a third-party vendor to perform, host, develop or manage any business-critical operation, application or function and has contractual relationships. If your organization is still evaluating third-party or cloud vendors, is developing a third-party vendor management program, is in the process of drafting a service level agreement (SLA) with a third-party vendor, or performs regular reviews of its third-party vendors, the CipherTechs 3PV™ Assessment offers you an opportunity to use the SLA to close any gaps the assessment identifies.

How is it performed

Depending upon the organizational objectives, during a 3PV™ Assessment we will:

  • Conduct a thorough risk assessment and perform the due diligence necessary to identify and understand any risks posed by the relationship with the third-party
  • Evaluate the type of data your organization is sending to the third-party and whether the appropriate data protections are in place
  • Verify that the third-party vendor understands and is capable of complying with any compliance drivers or regulatory concerns
  • Request and review all policies, procedures, internal controls and training materials
  • Identify any risks posed by shared infrastructure or specific SaaS cloud services
  • Identify an inventory of the locations or jurisdictions where your data is stored
  • Ensure your incident response policy accurately reflects the risk of the third-party
  • Or evaluate the third-party vendor against your contractual requirements and standards