Managing third-party and supply chain risk is critical to any organisation. An article by McKinsey highlights how regulators expect organisations to know their third parties. Regulations and legislation such as the European Union General Data Protection Regulation (GDPR), the New York Department of Financial Services (NYDFS) Cybersecurity regulation, and the Notifiable Data Breaches scheme in Australia highlight the importance of effective third-party risk management: a breach via a third party or supplier can bring not only reputational damage but also heavy penalties.
xGRC® TP helps you easily assess your third parties and identify key areas of information security and cyber risk. Traditionally, this process has been manual: sending spreadsheets back and forth and manually reviewing responses.
xGRC® TP makes assessing your third parties easy. Simply send an assessment request and wait for the results. There are two types of assessment: Unverified and Verified.
FREE Unverified Assessments
The recipient organisation completes the assessment and can upload and comment on any of the controls. Risk scores are generated; however, the responses are not verified. This type of assessment is useful for providing a quick assessment of a potential supplier or vendor.
There is no limit to the number of unverified assessments you can send out.
Verified Assessment ✔
The recipient organisation completes an unverified assessment, after which the controls (and their maturity) are verified. Risk scores are subject to change depending on the verification result. This type of assessment provides the highest level of assurance and is conducted by qualified, experienced audit professionals.