Not All Assessments are the same

While some third-parties handle your customers’ personally identifiable information, others have access to your facilities. Different risks arise and therefore, different questions need to be asked.

ThirdPartyTrust makes it easy to scale custom assessments to hundreds of third-parties, so you can collect the right information based on the risk level. Rules and labels make it easy to customize and communicate what a third-party needs to provide based on varying levels of risk.

Collect Documents Based on Risk

You can increase the number of assessments done per year with the required documentation feature. By understanding the potential risk of a third-party, requirements can consist of:

  • Cyber Liability/ Data Privacy, Errors and Omissions, and Directors and Officers and other insurances
  • Certifications such as HIPAA, ISO 27001 and PCI DSS
  • Customized or Industry Standard Questionnaires
  • Attestations such as penetration testing, application scans and general security audits. 

You can also require your third-party to add their most critical vendors to the platform through a manual process. This is called a fourth-party vendor.

Tracking, Sorting and Segmenting

Teams can develop a system of labels, rules and filters to manage the overall approval process. Completion is then mapped in a status bar for everyone to see.

Filters allow to drill down to the third-parties that need attention sooner rather than later, and you can also use the labeling system to develop requirement rules around regulation, risk tiers and scores.

“By utilizing the Risk Impact section, we are able to cater our assessment based on the risk to our organization, and drive certain requirements as part of the review. There are multiple ways to enforce requirements (including labels, breaches, etc…)”

Information Business Liaison, Trustmark Companies

Looking to tier third-party assessments and collect the right information easily?