A Third Party Information Security Assessment (TPISA) will identify any weaknesses in the handling your confidential data. We know that working with third parties can be a sensitive. TPISA is not an audit. The aim of the TPISA is simply to identify any security gaps or issues with the view to work together to mitigate risks.
Most third parties are much smaller than the multinationals they provide services to. Their compliance and governance levels are unlikely to be as mature as a multinational bank. Because third parties can save costs, increase, efficiency and perform non-core business processes they form a huge part of the financial services puzzle.
From the use of third party applications; to archiving of confidential documents; to outsourcing a business process to a low cost centre; your data is in their hands.
If the third party is not meeting your Information Security standards, then this risk needs to be identified, owned & addressed before it leads to a potential data leakage in the future. We will:
- Work with you to review and develop infosec compliant clauses for third party contracts.
- Conduct onsite information security assessments at the suppliers facilities
- Work with third party to implement a Corrective Action Plan
Contact us to to find out how our team can work with you to identify and mitigate risks associated with the use of third party service providers or suppliers who handle your confidential and sensitive data.