Product
tprm software

Manage the Complete Vendor Lifecycle

Easily manage your third-party risk management activities across the vendor lifecycle – onboarding, ongoing management, offboarding.

Take a Product Tour to See Venminder in ActionNew
View Pricing & Packaging
     
    vendiligence

    Outsource Vendor Control Assessments

    Order due diligence assessments on your vendors that include qualified risk ratings and reviews from Venminder experts.
       
      venmonitor

      Continuously Monitor with Risk Intelligence

      Seamlessly combine risk intelligence data to monitor for risks within cybersecurity, business health, financial viability, privacy, ESG and more.
        samples library
        Why Venminder
        case studyCase Studies

        Learn how our customers have managed their vendors and risk with Venminder.

        researchIndependent Research

        Check out independent research that validates Venminder's market leader position.

        Take a Product Tour to See Venminder in ActionNew
           
          check whyWhy Venminder

          See why Venminder is uniquely positioned to help you manage vendors and risk.

          customer experienceCustomer Experience

          Our team is committed to a single goal: a customer experience second to none.

          implementationImplementation

          We offer quick and customer-focused implementation for fast ramping.
             
            business caseBusiness Case

            Learn practical steps to create and present a business case for third-party risk management to stakeholders.

            industriesIndustries

            Learn how Venminder helps companies of all sizes and within all industries.
              samples library
                Education
                resourcesResources

                Download complimentary resources to guide you through all the various components of a successful third-party risk management program.
                blogBlog

                Read Venminder's blog of expert articles covering everything you need to know about third-party risk management.
                   
                  webinarsWebinars

                  Earn CPE credit and stay current on the latest best practices and trends in third-party risk management
                  online communityCommunity

                  Join a free community dedicated to third-party risk professionals where you can network with your peers.
                     
                    samples librarySamples

                    Download samples of Venminder’s vendor risk assessments and see how we can help reduce the workload.

                    third party thursday newsletterWeekly Newsletter

                    Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.
                      build effective vendor risk management program
                      State of Third-Party Risk Management 2024
                       

                      Venminder's State of Third-Party Risk Management 2024 whitepaper provides third-party risk management insight and industry statistics to help you make informed programs decisions. Learn how others are managing third-party risk.

                      Download Now ➔
                        About
                        venminderCompany

                        Venminder is the industry's leading third-party risk management solution provider.
                        careersCareers

                        We're hiring! Explore career opportunities and learn more about Venminder culture.

                        Take a Product Tour to See Venminder in ActionNew
                           
                          partnersOur Partners

                          Check out the select partners we aligned with to provide additional solutions and services.

                          partner programPartner Program

                          Learn how to become a Venminder integration or referral partner.
                             
                            request a demoRequest a Demo

                            See how Venminder can enable you to run an efficient third-party risk program.

                            contact usContact Us

                            Get in touch with a member of your team to discuss a question you may have.

                            customer supportCustomer Support

                            Already a Venminder customer? Connect with the Customer Support Team.
                              g2 recognition venminder
                                Software

                                Gain a 360-degree view of third-party risk by using our SaaS software to centralize, track, automate, assess and report on your vendors. 

                                Vendor Risk Assessments

                                Venminder's team of experts can review vendor controls and provide the following risk assessments.

                                Managed Services

                                Let us handle the manual labor of third-party risk management by collaborating with our experts to reduce the workload and mature your program. 

                                Overview
                                Document Collection
                                Policy/Program Template/Consulting
                                Virtual Vendor Management Office
                                Vendor Site Audit

                                Ongoing Monitoring

                                Let us handle the manual labor of third-party risk management by collaborating with our experts.

                                VX LP Sequence USE FOR CORPORATE SITE-thumb
                                Venminder Exchange

                                As Venminder completes assessments for clients on new vendors, they are then made available inside the Venminder Exchange for you to preview scores and purchase as you need.

                                CREATE FREE ACCOUNT

                                Use Cases

                                Learn more on how customers are using Venminder to transform their third-party risk management programs. 

                                Industries

                                Venminder is used by organizations of all sizes in all industries to mitigate vendor risk and streamline processes

                                Why Venminder

                                We focus on the needs of our customers by working closely and creating a collaborative partnership

                                1.7.2020-what-is-a-third-party-risk-assessment-FEATURED
                                Sample Vendor Risk Assessments

                                Venminder experts complete 30,000 vendor risk assessments annually. Download samples to see how outsourcing to Venminder can reduce your workload.

                                DOWNLOAD SAMPLES

                                Resources

                                Trends, best practices and insights to keep you current in your knowledge of third-party risk.

                                Webinars

                                Earn CPE credit and stay current on the latest best practices and trends in third-party risk management.  

                                See Upcoming Webinars

                                On-Demand Webinars

                                 

                                Community

                                Join a free community dedicated to third-party risk professionals where you can network with your peers. 

                                Weekly Newsletter

                                Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

                                Subscribe

                                 

                                Venminder Samples

                                Download samples of Venminder's vendor risk assessments and see how we can help reduce the workload. 

                                resources-whitepaper-state-of-third-party-risk-management-2023
                                State of Third-Party Risk Management 2023!

                                Venminder's seventh annual whitepaper provides insight from a variety of surveyed individuals into how organizations manage third-party risk today.

                                DOWNLOAD NOW

                                Product
                                software platformSoftware Platform

                                Manage the complete vendor lifecycle - onboarding, ongoing management, offboarding.

                                control assessmentsControl Assessments

                                Order due diligence assessments on your vendors that include qualified risk ratings and reviews.
                                   
                                  managed servicesManaged Services

                                  Reduce the workload with customized outsourced services (eg: document collection).

                                  continuous monitoringContinuous Monitoring

                                  Monitor for risks within cybersecurity, business health, financial viability and more.

                                     
                                    exchange vendorsExchange for Vendors

                                    Shorten the sales cycle by becoming due diligence ready for prospects and customers.

                                    exchange professionalsExchange for Professionals

                                    Access a free library of thousands of vendor risk assessments available for preview and purchase.

                                      Control Assessments

                                      Vendiligence™ Control Mapping Guide

                                      Use our Vendiligence™ Control Mapping tool to understand how Venminder's Control Assessments map to regulatory requirements, standards, frameworks, and laws as well as details surrounding each control and common documents you can expect to find those controls in. 

                                      This page is designed for desktop use and does not work on smaller devices.

                                      Section
                                      Control
                                      Control Reference
                                      Regulation
                                      Control Assessment
                                      Section
                                      The specific Section covered in each Vendiligence™ Control Assessment. These designated Sections cover important risk domains and highlight key areas of importance to empower you to make better risk-based decisions on your vendors or suppliers.
                                      Control
                                      The Control that the Vendiligence™ Control Assessment has been mapped and is aligned to. These Controls ensure you can verify that your vendor or supplier is meeting a particular action, set of actions, or lack of action taken to uphold a standard, regulation, framework, or law.
                                      Control Reference
                                      The unique reference codes or identifiers associated with controls, standards, and regulations. These references link back to the broader guidelines, ensuring you can quickly understand the control's relevance and context.
                                      Regulation
                                      The external standard, regulation, framework, or law that each Control and risk domain is mapped to. By understanding which controls are being met and answered, you can ensure compliance with those your organization must meet.
                                      Control Assessment
                                      The Vendiligence™ Control Assessment(s) that address the specific area of concern. Whether filtering by section, control, control reference, or standard/regulation, you can comprehend which risk-based assessment(s) focus on the particular issue of interest. These assessments evaluate the efficiency and effectiveness of the controls and determine how well a vendor or supplier complies with the listed standard, regulation, framework, or law.
                                      Business Continuity
                                      A Business Impact Analysis is performed

                                      Evidence that a Business Impact Assessment (BIA) is performed regularly. A BIA is a process to determine and evaluate the potential effects of an interruption to critical business operations because of a disaster, accident, or emergency.

                                      Evidence Examples

                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      BCP.III.A:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      A Business Impact Analysis is performed

                                      Evidence that a Business Impact Assessment (BIA) is performed regularly. A BIA is a process to determine and evaluate the potential effects of an interruption to critical business operations because of a disaster, accident, or emergency.

                                      Evidence Examples

                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      CSF.ID.RA-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      A dedicated team is focused on BCP and DR

                                      Evidence that a team (e.g. BC Steering Committee, BC Team) or Individual (e.g. Policy Owner, BC Coordinator)is clearly identified as responsible for creation and maintenance of the BCP/DRP. Defined accountability.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.II.A:pg4
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      A dedicated team is focused on BCP and DR

                                      Evidence that a team (e.g. BC Steering Committee, BC Team) or Individual (e.g. Policy Owner, BC Coordinator)is clearly identified as responsible for creation and maintenance of the BCP/DRP. Defined accountability.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.I.B.4:pg12
                                      FFIEC IT Examination Handbook - Management Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      A dedicated team is focused on BCP and DR

                                      Evidence that a team (e.g. BC Steering Committee, BC Team) or Individual (e.g. Policy Owner, BC Coordinator)is clearly identified as responsible for creation and maintenance of the BCP/DRP. Defined accountability.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-1(b)
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Alternative subservice data center configuration

                                      Information on whether the backup data center is configured as hot (active-active), warm (active-passive, active-ready) or cold.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Disaster Recovery Plan
                                      800-53-r5-CP-7(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      An alternative subservice data center is available

                                      Evidence that backup data is copied over a network to an alternate physical location to protect it from natural disasters.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.IV:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      An alternative subservice data center is available

                                      Evidence that backup data is copied over a network to an alternate physical location to protect it from natural disasters.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.IV.A.4:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      An alternative subservice data center is available

                                      Evidence that backup data is copied over a network to an alternate physical location to protect it from natural disasters.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.V.C.2:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      An alternative subservice data center is available

                                      Evidence that backup data is copied over a network to an alternate physical location to protect it from natural disasters.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      800-53-r5-CP-7(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      An alternative subservice data center is available

                                      Evidence that backup data is copied over a network to an alternate physical location to protect it from natural disasters.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      800-53-r5-PE-17(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of scenarios are planned for: loss of office availability, loss of critical subservice, other

                                      Evidence that BCP and DRP plans for specific scenarios that would interrupt service.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Pandemic Plan
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of tests are performed: tabletop, simulation, full interruption

                                      Ensures that both the BCP and DRP are tested at an appropriate level to ensure the ability to continue business and recovery from a disaster.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • BCP Test Results (Executive Overview)
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of tests are performed: tabletop, simulation, full interruption

                                      Ensures that both the BCP and DRP are tested at an appropriate level to ensure the ability to continue business and recovery from a disaster.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • BCP Test Results (Executive Overview)
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.9.3
                                      OSFI B-13 Technology and Cyber Risk Management
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP frequency of testing

                                      The defined rate at which the BCP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • BCP Test Results (Executive Overview)
                                      BCP.VII.A:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP frequency of testing

                                      The defined rate at which the BCP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • BCP Test Results (Executive Overview)
                                      BCP.VII.A:pg3
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP frequency of testing

                                      The defined rate at which the BCP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • BCP Test Results (Executive Overview)
                                      TPRM-IV.C.2.i
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP frequency of testing

                                      The defined rate at which the BCP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • BCP Test Results (Executive Overview)
                                      ISO.A.5.30
                                      ISO/IEC 27001:2022
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP frequency of testing

                                      The defined rate at which the BCP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • BCP Test Results (Executive Overview)
                                      800-53-r5-CP-4(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP last tested

                                      Evidence that the BCP has been tested within the last 18 months.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • BCP Test Results (Executive Overview)
                                      BCP.VII.A:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP last tested

                                      Evidence that the BCP has been tested within the last 18 months.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • BCP Test Results (Executive Overview)
                                      BCP.VII.A:pg3
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP last tested

                                      Evidence that the BCP has been tested within the last 18 months.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • BCP Test Results (Executive Overview)
                                      ISO.A.5.30
                                      ISO/IEC 27001:2022
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP last tested

                                      Evidence that the BCP has been tested within the last 18 months.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • BCP Test Results (Executive Overview)
                                      800-53-r5-CP-4(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP test findings remediated by date

                                      Evidence that BCP vulnerabilities are remediated in a timely manner.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      BCP.VII.K:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP test findings remediated by date

                                      Evidence that BCP vulnerabilities are remediated in a timely manner.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      800-53-r5-CP-4(c)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP/DRP offline access

                                      Evidence that the Vendor stores a copy of their BC/DR plans offline in case the digital/electronic copy is not available in a disaster or incident.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      BCP.IV.A.3:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.II.A:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.II.A:pg3
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.V:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IX:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.WP.12.9.a
                                      FFIEC IT Examination Handbook - Management Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.WP.12.9.c
                                      FFIEC IT Examination Handbook - Management Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-2(a)(7)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Board of Directors or Senior Management provides oversight of the BCP

                                      Evidence that Senior leadership provides an overview of the development and implementation of the BCP.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-9
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Both IT and Business Unit staff are included in BC/DR testing

                                      Evidence that the Vendor includes both the IT teams designated for BC/DR but also the business units that are being impacted in a testing scenario.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • IT Recovery Plan
                                      • Disaster Recovery Plan
                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.VII.D:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Documented process for client notification of service interruption or degradation

                                      Documented policy for client related notification that includes a process as well as a timeframe for any situation that limits or alters service.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-2.4.2.1
                                      OSFI B-10 Third-Party Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Documented process for client notification of service interruption or degradation

                                      Documented policy for client related notification that includes a process as well as a timeframe for any situation that limits or alters service.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.B:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Documented process for client notification of service interruption or degradation

                                      Documented policy for client related notification that includes a process as well as a timeframe for any situation that limits or alters service.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)6(ii)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Documented process for client notification of service interruption or degradation

                                      Documented policy for client related notification that includes a process as well as a timeframe for any situation that limits or alters service.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.11.b.3
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP frequency of testing

                                      The defined rate at which the DRP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.A:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP frequency of testing

                                      The defined rate at which the DRP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.A:pg3
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP frequency of testing

                                      The defined rate at which the DRP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      TPRM-IV.C.2.i
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP frequency of testing

                                      The defined rate at which the DRP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      800-53-r5-CP-4(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP last tested

                                      Evidence that the DRP has been tested within the last 18 months.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.A:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP last tested

                                      Evidence that the DRP has been tested within the last 18 months.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.A:pg3
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP last tested

                                      Evidence that the DRP has been tested within the last 18 months.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      800-53-r5-CP-4(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP test findings remediated by date

                                      Evidence that any findings that stemmed from a Disaster Recovery test are slated to be addressed and remediated by a specific date.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.K:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP test findings remediated by date

                                      Evidence that any findings that stemmed from a Disaster Recovery test are slated to be addressed and remediated by a specific date.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      800-53-r5-CP-4(c)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP frequency of testing

                                      The defined rate at which the BCP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • BCP Test Results (Executive Overview)
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      BCP test findings remediated by date

                                      Evidence that any findings that stemmed from a Business Continuity test are slated to be addressed and remediated by a specific date.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP frequency of testing

                                      The defined rate at which the DRP is tested. (Annually, semi-annually, quarterly, monthly, daily, etc)

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Employees trained on Business Continuity and Disaster Recovery

                                      Ensures that employees receive annual training on coordinating emergency responses and restoring business processes

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.II.A:pg4
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Employees trained on Business Continuity and Disaster Recovery

                                      Ensures that employees receive annual training on coordinating emergency responses and restoring business processes

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-2(g)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      DRP test findings remediated by date

                                      Evidence that any findings that stemmed from a Disaster Recovery test are slated to be addressed and remediated by a specific date.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Business Continuity Plan (BCP)

                                      Evidence that Vendor has a documented BCP that includes recovery and continuity provisions for people, processes, and office buildings.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Ensure a DRP is documented which concerns IT hardware, servers, data centers, and networking equipment.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      OSFI-B-10-2.3.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Ensure a DRP is documented which concerns IT hardware, servers, data centers, and networking equipment.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      OSFI-B-13-2.9.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are a part of internal or external audits/assessments

                                      Evidence that the BCP and/or DRP are validated as part of internal and/or external audits/assessments

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.II.B:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are updated with any signifiant organization changes

                                      Documented within the overall plan that updates are done with any significant changes such as significant employees joining or leaving an org or business unit, the introduction or removal of products or technologies, and related process changes.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.VII:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are updated with any signifiant organization changes

                                      Documented within the overall plan that updates are done with any significant changes such as significant employees joining or leaving an org or business unit, the introduction or removal of products or technologies, and related process changes.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      800-53-r5-CP-1(c)(1)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are updated with any signifiant organization changes

                                      Documented within the overall plan that updates are done with any significant changes such as significant employees joining or leaving an org or business unit, the introduction or removal of products or technologies, and related process changes.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      800-53-r5-CP-1(c)(2)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are updated with any signifiant organization changes

                                      Documented within the overall plan that updates are done with any significant changes such as significant employees joining or leaving an org or business unit, the introduction or removal of products or technologies, and related process changes.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      800-53-r5-CP-2(e)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are updated with any signifiant organization changes

                                      Documented within the overall plan that updates are done with any significant changes such as significant employees joining or leaving an org or business unit, the introduction or removal of products or technologies, and related process changes.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      CSF.RS.RP-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are updated with any signifiant organization changes

                                      Documented within the overall plan that updates are done with any significant changes such as significant employees joining or leaving an org or business unit, the introduction or removal of products or technologies, and related process changes.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      CSF.RS.IM-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans are updated with any signifiant organization changes

                                      Documented within the overall plan that updates are done with any significant changes such as significant employees joining or leaving an org or business unit, the introduction or removal of products or technologies, and related process changes.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      CSF.RS.IM-2
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans undergo ongoing maintenance

                                      Documented evidence that BCP/DRP are reviewed and modified, if needed, on a reoccuring schedule. Trhe schedule should be defined ad should be at least annually.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.V:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans undergo ongoing maintenance

                                      Documented evidence that BCP/DRP are reviewed and modified, if needed, on a reoccuring schedule. Trhe schedule should be defined ad should be at least annually.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.VII:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans undergo ongoing maintenance

                                      Documented evidence that BCP/DRP are reviewed and modified, if needed, on a reoccuring schedule. Trhe schedule should be defined ad should be at least annually.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      ISO.A.5.30
                                      ISO/IEC 27001:2022
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans undergo ongoing maintenance

                                      Documented evidence that BCP/DRP are reviewed and modified, if needed, on a reoccuring schedule. Trhe schedule should be defined ad should be at least annually.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      800-53-r5-CP-1(c)(1)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans undergo ongoing maintenance

                                      Documented evidence that BCP/DRP are reviewed and modified, if needed, on a reoccuring schedule. Trhe schedule should be defined ad should be at least annually.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      800-53-r5-CP-1(c)(2)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans undergo ongoing maintenance

                                      Documented evidence that BCP/DRP are reviewed and modified, if needed, on a reoccuring schedule. Trhe schedule should be defined ad should be at least annually.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      800-53-r5-CP-2(d)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans undergo ongoing maintenance

                                      Documented evidence that BCP/DRP are reviewed and modified, if needed, on a reoccuring schedule. Trhe schedule should be defined ad should be at least annually.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      CSF.PR.IP-9
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.IV.A.5:pg4
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.VII.I:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.VII.I:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.IV.A.5:pg4
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.VII.I:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.VII.I:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      CSF.ID.SC-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Plans were developed in coordination with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are developed in conjunction with those subservice organizations to ensure they can continue to provide their critical component in a disaster or incident.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      CSF.ID.SC-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Recovery Point Objective (RPO)

                                      Is a Recovery Point Objective established and documented? An RPO is the amount of data loss accepted for normal operations to resume if a computer, system, or network goes down because of a disaster or business impact.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      BCP.III.A.3:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Recovery Point Objective (RPO)

                                      Is a Recovery Point Objective established and documented? An RPO is the amount of data loss accepted for normal operations to resume if a computer, system, or network goes down because of a disaster or business impact.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      TPRM-IV.C.2.i
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Recovery Time Objective (RTO)

                                      Is a Recovery Time Obejctive established and documented. A RTO is the duration of time which a business process must be restored, to a predetermined level of service.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      BCP.III.A.3:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Recovery Time Objective (RTO)

                                      Is a Recovery Time Obejctive established and documented. A RTO is the duration of time which a business process must be restored, to a predetermined level of service.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      TPRM-IV.C.2.i
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      RPO tested and met

                                      Evidence that the RPO been tested and validated that the Vendor can meet the targeted time

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      BCP.VII.G.4:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      RTO tested and met

                                      Evidence that the RTO been tested and validated that the Vendor can meet the targeted time

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Business Impact Analysis
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      BCP.VII.G.4:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.IV.A.5:pg4
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.I:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.I:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.IV.A.5:pg4
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.I:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.I:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      CSF.ID.SC-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Testing has occurred with subservice organization(s)

                                      This is relevant when a Vendor uses a subservice for a critical funciton. If that is the case, there should be evidence that the BCP/DRP are tested in conjunction with those subservice organizations to ensure they can continue to provide their critical

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      CSF.ID.SC-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of scenarios are planned for: loss of office availability, loss of critical subservice, other

                                      Evidence that BCP and DRP plans for specific scenarios that would interrupt service.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.IV:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of scenarios are planned for: loss of office availability, loss of critical subservice, other

                                      Evidence that BCP and DRP plans for specific scenarios that would interrupt service.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.IV.A.4:pg2
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of tests are performed: tabletop, simulation, full interruption

                                      Ensures that both the BCP and DRP are tested at an appropriate level to ensure the ability to continue business and recovery from a disaster.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of tests are performed: tabletop, simulation, full interruption

                                      Ensures that both the BCP and DRP are tested at an appropriate level to ensure the ability to continue business and recovery from a disaster.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.G.1:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of tests are performed: tabletop, simulation, full interruption

                                      Ensures that both the BCP and DRP are tested at an appropriate level to ensure the ability to continue business and recovery from a disaster.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.G.2:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      The following types of tests are performed: tabletop, simulation, full interruption

                                      Ensures that both the BCP and DRP are tested at an appropriate level to ensure the ability to continue business and recovery from a disaster.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Disaster Recovery Test Results (Executive Overview)
                                      BCP.VII.G.3:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Business Continuity Plan (BCP)

                                      Evidence of a Business Continuity Policy that outlines how a company will continue operating during and after a disruptive event, like a natural disaster, cyberattack, or any major incident.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      TPRM-IV.C.2.i
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Business Continuity Plan (BCP)

                                      Evidence of a Business Continuity Policy that outlines how a company will continue operating during and after a disruptive event, like a natural disaster, cyberattack, or any major incident.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      ISO.A.5.29
                                      ISO/IEC 27001:2022
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Business Continuity Plan (BCP)

                                      Evidence of a Business Continuity Policy that outlines how a company will continue operating during and after a disruptive event, like a natural disaster, cyberattack, or any major incident.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      800-53-r5-CP-2(a)(1)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Business Continuity Plan (BCP)

                                      Evidence of a Business Continuity Policy that outlines how a company will continue operating during and after a disruptive event, like a natural disaster, cyberattack, or any major incident.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      CSF.PR.IP-9
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Business Continuity Plan (BCP)

                                      Evidence of a Business Continuity Policy that outlines how a company will continue operating during and after a disruptive event, like a natural disaster, cyberattack, or any major incident.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      EU2022/2555.IV.21.2(c)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Evidence of a Disaster Recovery Plan that outlines how a vendor will restore its IT systems and data after a disruptive event, such as a natural disaster, cyberattack, or hardware failure.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      BCP.V.F:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Evidence of a Disaster Recovery Plan that outlines how a vendor will restore its IT systems and data after a disruptive event, such as a natural disaster, cyberattack, or hardware failure.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      OP.III.F:pg4
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Evidence of a Disaster Recovery Plan that outlines how a vendor will restore its IT systems and data after a disruptive event, such as a natural disaster, cyberattack, or hardware failure.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      TPRM-IV.C.2.i
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Evidence of a Disaster Recovery Plan that outlines how a vendor will restore its IT systems and data after a disruptive event, such as a natural disaster, cyberattack, or hardware failure.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      800-53-r5-CP-2(a)(2)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Evidence of a Disaster Recovery Plan that outlines how a vendor will restore its IT systems and data after a disruptive event, such as a natural disaster, cyberattack, or hardware failure.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      CSF.PR.IP-9
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has documented Disaster Recovery Plan (DRP)

                                      Evidence of a Disaster Recovery Plan that outlines how a vendor will restore its IT systems and data after a disruptive event, such as a natural disaster, cyberattack, or hardware failure.

                                      Evidence Examples

                                      • Disaster Recovery Plan
                                      EU2022/2555.IV.21.2(c)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has reviewed subservice organization(s) BCP

                                      Evidence that the Vendor has a process in place to regularly review their subservice organizations BC/DR plans as part of their ongoing TPRM program. This is critical if the Vendor outsources a Data Center or hosting function to a subservice organization

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vendor Management Policy
                                      BCP.B.2:pg3
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has reviewed subservice organization(s) BCP

                                      Evidence that the Vendor has a process in place to regularly review their subservice organizations BC/DR plans as part of their ongoing TPRM program. This is critical if the Vendor outsources a Data Center or hosting function to a subservice organization

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vendor Management Policy
                                      BCP.IV.A.5:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has reviewed subservice organization(s) BCP

                                      Evidence that the Vendor has a process in place to regularly review their subservice organizations BC/DR plans as part of their ongoing TPRM program. This is critical if the Vendor outsources a Data Center or hosting function to a subservice organization

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vendor Management Policy
                                      BCP.B.2:pg3
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor has reviewed subservice organization(s) BCP

                                      Evidence that the Vendor has a process in place to regularly review their subservice organizations BC/DR plans as part of their ongoing TPRM program. This is critical if the Vendor outsources a Data Center or hosting function to a subservice organization

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vendor Management Policy
                                      BCP.IV.A.5:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor utilizes the following for personnel recovery

                                      Can employees transfer to a remote work environment or designated alternate facility if the main facility is unavaible.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      BCP.V.C:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Business Continuity
                                      Vendor utilizes the following for personnel recovery

                                      Can employees transfer to a remote work environment or designated alternate facility if the main facility is unavaible.

                                      Evidence Examples

                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      OP.III.F:pg4
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      CPRA.3(a)(3)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      CPRA.3(b)(4)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      CPRA.5(a)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      PIPEDA-1-4.9.5
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      PIPL-47
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      CPA.6-1-1302(c)(II)(A)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      CPA.6-1-1306(1)(d)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      CTDPA.4(a)(3)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      GDPR-15(1)(c)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      800-53-r5-PM-22(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      UCPA.13-61-201(2)
                                      Utah Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Data Privacy Code of Conduct
                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      VCPA.59.1-577(A)(3)
                                      Virginia Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete Or Return All PII At Contract Termination

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      PIPEDA-1-4.5.3
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete Or Return All PII At Contract Termination

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPA.6-1-1305(5)(I)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      GDPR-16
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      TSC P5.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      TSC P6.7
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CCPA-4.1
                                      California Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CCPA-4.2
                                      California Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CCPA-4.5(2)
                                      California Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.3(a)(1)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.3(a)(3)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.4(a)(1)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.4(a)(2)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.7(a)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.7(c)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.8(c)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.8(a)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPRA.12(a)(3)(B)(ii)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      PIPEDA-1-4.9
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      PIPL-45
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      CPA.6-1-1302(c)(II)(A)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete An Individual's Data

                                      Evidence that a Vendor has the ability to delete individual costumer data on demand and that it is included as a provision in their privacy policy.

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      GDPR-17
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      800-53-r5-PM-21(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      800-53-r5-PM-21(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      800-53-r5-PM-21(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Display An Individual's Data And Who It's Shared With

                                      Evidence Examples

                                      UCPA.13-61-201(1)(b)
                                      Utah Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual From Automated Decisions

                                      Evidence Examples

                                      PIPL-24
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual From Automated Decisions

                                      Evidence Examples

                                      CTDPA.4(a)(5)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      GDPR-20(1)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      CCPA-4.3
                                      California Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      CPRA.3(b)(4)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      CPRA.9(a)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      PIPEDA-1-4.3.8
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      PIPL-44
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      CPA.6-1-1302(c)(II)(A)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      CTDPA.4(a)(5)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      CTDPA.6(a)(7)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      GDPR-21
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      UCPA. 13-61-201(4)
                                      Utah Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual's Data From Sharing/Selling

                                      Evidence Examples

                                      VCPA.59.1-577(A)(5)(ii)
                                      Virginia Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      TSC P5.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      CPRA.3(a)(3)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      CPRA.12(a)(3)(B)(iii)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      PIPL-45
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      CPA.6-1-1306(1)(e)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      CTDPA.4(a)(4)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Exempt An Individual From Automated Decisions

                                      Evidence Examples

                                      GDPR-22(1)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      UCPA.13-61-201(3)
                                      Utah Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able to export an individual's data in a common format

                                      Evidence Examples

                                      VCPA.59.1-577(A)(4)
                                      Virginia Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      TSC P5.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      CPRA.3(a)(3)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      CPRA.3(b)(4)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      CPRA.6(a)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      CPRA.6(c)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      PIPEDA-1-4.9.5
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      PIPL-46
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      CPA.6-1-1302(c)(II)(A)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      CPA.6-1-1306(1)(c)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Masked Where Appropriate

                                      Evidence Examples

                                      GDPR-25(1)
                                      EU General Data Protection Regulation
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      800-53-r5-PM-22(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      800-53-r5-SI-18(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Update/Correct An Individual's Data

                                      Evidence Examples

                                      VCPA.59.1-577(A)(2)
                                      Virginia Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      TSC P3.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      TSC P4.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      TSC P7.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      PIPEDA-1-4.6
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      PIPL-8
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      CTDPA.4(a)(2)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      800-53-r5-PM-22(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Collects Accurate, Up-To-Date, Complete, And Relevant PII

                                      Evidence Examples

                                      800-53-r5-SI-18(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      TSC P6.3
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      TSC P6.5
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      PIPEDA-10.1
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      PIPL-57
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Not Shared With A Fourth Party Without Controller Consent

                                      Evidence Examples

                                      GDPR-28(2)
                                      EU General Data Protection Regulation
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      HIPAA.164.308(a)(6)(ii)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      NYCRR.500.11.b.3
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      CSF.RS.CO-2
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      12CFR-III.B.364.(B)(A)(III)(A)(2)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      12CFR-VII.A.748.(B)(II)(a)(1)(e)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      GDPR-28(3)(a)
                                      EU General Data Protection Regulation
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Persons Interacting With Sensitive Data Sign A Confidentiality Agreement

                                      Evidence Examples

                                      GDPR-28(3)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Masked Where Appropriate

                                      Evidence Examples

                                      ISO.A.8.11
                                      ISO/IEC 27001:2022
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Not Shared With A Fourth Party Without Controller Consent

                                      Evidence Examples

                                      TSC P6.1
                                      AICPA Trust Services Criteria
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Not Shared With A Fourth Party Without Controller Consent

                                      Evidence Examples

                                      CPRA.8(d)
                                      California Privacy Rights Act
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Not Shared With A Fourth Party Without Controller Consent

                                      Evidence Examples

                                      CPA.6-1-1305(3)(b)
                                      Colorado Privacy Act
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      TSC P4.1
                                      AICPA Trust Services Criteria
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Able To Delete Or Return All PII At Contract Termination

                                      Evidence Examples

                                      • Privacy Policy – External
                                      • Privacy Policy – Internal
                                      • Data Privacy Code of Conduct
                                      GDPR-28(3)(g)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Vendor allows for full cooperation in audits for clients

                                      Evidence Examples

                                      GDPR-28(3)(h)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      GDPR-29
                                      EU General Data Protection Regulation
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      800-53-r5-PT-2(b)
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      UCPA.13-61-301(1)(a)
                                      Utah Consumer Privacy Act
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      VCPA.59.1-576(c)
                                      Virginia Consumer Privacy Act
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      VCPA.59.1-582(F)(2)
                                      Virginia Consumer Privacy Act
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Pseudonymized/De-Identified

                                      Evidence Examples

                                      PIPL-51
                                      China Personal Information Protection Law
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Records Of Processing Activities Are Maintained

                                      Evidence Examples

                                      GDPR-30(2)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Vendor allows for full cooperation in audits for clients

                                      Evidence Examples

                                      GDPR-31
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Pseudonymized/De-Identified

                                      Evidence Examples

                                      800-53-r5-SI-19(a)
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Protection Officer

                                      Evidence Examples

                                      PIPEDA-1-4.1
                                      Canadian Personal Information and Electronic Documents Act
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Protection Officer

                                      Evidence Examples

                                      PIPL-53
                                      China Personal Information Protection Law
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Protection Officer

                                      Evidence Examples

                                      800-53-r5-PM-19
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      TSC P2.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      PIPEDA-6.1
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      PIPL-13
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      PIPL-14
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      PIPL-29
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      CPA.6-1-1308(7)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      CTDPA.6(a)(4)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      800-53-r5-PT-4
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Persons Interacting With Sensitive Data Receive Privacy Training

                                      Evidence Examples

                                      CCPA-4.5(6)
                                      California Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Persons Interacting With Sensitive Data Receive Privacy Training

                                      Evidence Examples

                                      800-53-r5-AT-2(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Persons Interacting With Sensitive Data Receive Privacy Training

                                      Evidence Examples

                                      800-53-r5-AT-3(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Persons Interacting With Sensitive Data Sign A Confidentiality Agreement

                                      Evidence Examples

                                      CPA.6-1-1305(3)(a)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Pseudonymized/De-Identified

                                      Evidence Examples

                                      GDPR-32(1)(a)
                                      EU General Data Protection Regulation
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Persons Interacting With Sensitive Data Sign A Confidentiality Agreement

                                      Evidence Examples

                                      ISO.A.6.6
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Process in place for handling privacy requests (DSARS)

                                      Evidence Examples

                                      CPRA.5(c)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Process in place for handling privacy requests (DSARS)

                                      Evidence Examples

                                      CPA.6-1-1306(1)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Process in place for handling privacy requests (DSARS)

                                      Evidence Examples

                                      CTDPA.4(c)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Process in place for handling privacy requests (DSARS)

                                      Evidence Examples

                                      UCPA.13-61-202(1)
                                      Utah Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Process in place for handling privacy requests (DSARS)

                                      Evidence Examples

                                      VCPA.59.1-578(E)
                                      Virginia Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      TSC P1.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      TSC P2.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      CPRA.3(b)(1)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      PIPL-17
                                      China Personal Information Protection Law
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      CPA.6-1-1302(c)(II)(B)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      800-53-r5-PM-20(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      800-53-r5-PT-5(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      800-53-r5-PT-5(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      800-53-r5-PT-5(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      800-53-r5-PT-5(d)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      800-53-r5-PT-5(e)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      UCPA.13-61-302(1)(a)
                                      Utah Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Provides Notice To Data Subjects About Its Privacy Practices

                                      Evidence Examples

                                      VCPA.59.1-578(c)
                                      Virginia Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Records Of Processing Activities Are Maintained

                                      Evidence Examples

                                      PIPEDA-1-4.8.2
                                      Canadian Personal Information and Electronic Documents Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Vendor allows for full cooperation in audits for clients

                                      Evidence Examples

                                      CPA.6-1-1305(5)(II)(B)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Is Only Used For Contracted Purpose

                                      Evidence Examples

                                      GDPR-32(4)
                                      EU General Data Protection Regulation
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Breach Notification/Unauthorized Disclosures Of PII Are Tracked

                                      Evidence Examples

                                      GDPR-33(2)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Data Protection Officer

                                      Evidence Examples

                                      GDPR-37
                                      EU General Data Protection Regulation
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Vendor maintains A Data Privacy Code Of Conduct

                                      Evidence Examples

                                      GDPR-40
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Data Privacy
                                      Obtains Consent from Data Subjects Where Required

                                      Evidence Examples

                                      GDPR-7(1)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Client Data Destruction Post-Contract

                                      Evidence that there is a policy in place to ensure client data is destroyed securely to ensure confidentiality

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OCC2021-36.3
                                      OCC 2021-36
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-1.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-2.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.5:pg14
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.B:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.A:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.h
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.9
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.c
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-8(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-8(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(i)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.AM-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.AM-2
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OCC2021-36.3
                                      OCC 2021-36
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-1.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-2.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.5:pg14
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.B:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.A:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.h
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.9
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.c
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-8(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-8(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(i)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.AM-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.AM-2
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Evidence of Cybersecurity Insurance

                                      Evidence of a current insurance policy that has specific cybersecurity coverages such as Cyber extortion, Data Breach, Cyber crime, etc.

                                      Evidence Examples

                                      • Cybersecurity Insurance
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-A1.n
                                      OSFI B-10 Third-Party Risk Management
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Hardware

                                      Evidence that the vendor accurately tracks all their IT equipment and has a plan for managing it throughout its lifecycle.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.2.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Board/Executive/Senior Management Involvement

                                      Evidence that Board of Directors, Executive Leadership, or Senior Management actively participate in the creation, approval, and review of security policies.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.I.B:pg4
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Board/Executive/Senior Management Involvement

                                      Evidence that Board of Directors, Executive Leadership, or Senior Management actively participate in the creation, approval, and review of security policies.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.II.A:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Board/Executive/Senior Management Involvement

                                      Evidence that Board of Directors, Executive Leadership, or Senior Management actively participate in the creation, approval, and review of security policies.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.II.A.1:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Board/Executive/Senior Management Involvement

                                      Evidence that Board of Directors, Executive Leadership, or Senior Management actively participate in the creation, approval, and review of security policies.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PM-1(a)(4)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Board/Executive/Senior Management Involvement

                                      Evidence that Board of Directors, Executive Leadership, or Senior Management actively participate in the creation, approval, and review of security policies.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(a)(1)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Board/Executive/Senior Management Involvement

                                      Evidence that Board of Directors, Executive Leadership, or Senior Management actively participate in the creation, approval, and review of security policies.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(a)(1)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Board/Executive/Senior Management Involvement

                                      Evidence that Board of Directors, Executive Leadership, or Senior Management actively participate in the creation, approval, and review of security policies.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC CC1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Asset Management - Software

                                      Evidence that the vendor keeps an up-to-date list of all software, licenses, and how it's used, along with a plan for managing it over time.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.2.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.10:pg21
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.D.1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.32
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.i
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-3(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-3(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-3(g)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SA-10(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SA-10(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SA-10(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SA-10(d)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(e)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-3
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Designated Chief Information Security Officer (CISO)

                                      Evidence that the Vendor has a designated Chief Information Security Officer or an equivelant role.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-1.1.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Client Data Destruction Post-Contract

                                      Evidence that there is a policy in place to ensure client data is destroyed securely to ensure confidentiality

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.b
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Client Data Destruction Post-Contract

                                      Evidence that there is a policy in place to ensure client data is destroyed securely to ensure confidentiality

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.13
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Client Data Destruction Post-Contract

                                      Evidence that there is a policy in place to ensure client data is destroyed securely to ensure confidentiality

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SI-12
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Designated Chief Information Security Officer (CISO)

                                      Evidence that the Vendor has a designated Chief Information Security Officer or an equivelant role.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.04
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Designated Chief Information Security Officer (CISO)

                                      Evidence that the Vendor has a designated Chief Information Security Officer or an equivelant role.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • IT Recovery Plan
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PM-2
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.4:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(3)(ii)(B)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.6.1
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PS-2(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PS-3(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-6
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(c)(1)(e)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(A)(I)(B)(2)(b)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(1)(e)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OCC2021-36.7
                                      OCC 2021-36
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-14.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.I.B:pgs4-5
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.WP.12.5.f
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(5)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.6.3
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.14.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AT-2(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AT-3(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PS-7(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AT-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(g)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(c)(2)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Evidence that Vendor requires employees and contractors to attend security training at the time of employment and at least annually thereafter

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(2)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling information system and infrastructure changes.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.5.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Evidence of Cybersecurity Insurance

                                      Evidence that Vendor has a current insurance policy that includes cybersecurity specific coverages such as cyber fraud, data breach, etc.

                                      Evidence Examples

                                      • Cybersecurity Insurance
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.m
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Change Management

                                      Evidence that the Vendor has an established process or policy for managing and controlling changes that affect information system and infrastructure.

                                      Evidence Examples

                                      • Change Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.5.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Security Training

                                      Does vendor requires employees and contractors to attend security training at the time of employment and throughtout the duration of employment?

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Information Security Program/Policy or Overview
                                      • Security Awareness Program
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.1.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-17.4
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.III.D:pg50
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.C.4:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(6)(ii)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.j
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.24
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.25
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.26
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.n
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.16.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-IR-1(a)(1)(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-IR-8(a)(4)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-9
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(c)(1)(g)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(1)(g)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(B)(II)(a)(1)(a)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(b)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.1
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.02.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PM-1(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.GV-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(II)(a)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(II)(a)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(a)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Mobile Device/BYOD Policies

                                      Procedures and protocols for the use of personal mobile devices and their connection to company networks.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Mobile Device/BYOD Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-1.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Mobile Device/BYOD Policies

                                      Procedures and protocols for the use of personal mobile devices and their connection to company networks.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Mobile Device/BYOD Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-19(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-2.4.2.1
                                      OSFI B-10 Third-Party Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OCC2021-36.7
                                      OCC 2021-36
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSC-7.3
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSC-7.4
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OP.V.C.2:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OP.V.C.2:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OP.VI.B.3:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      800-53-r5-SI-2(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSF.ID.RA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.7.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Information Security Program/Policies

                                      Evidence of an approved information security policy that details the process for ensuring that information is securely used, stored, and handled.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-A1.g
                                      OSFI B-10 Third-Party Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      PII Retention Policy

                                      Evidence of a policy that contains measures on how an organization saves data for compliance or regulatory reasons, and how it disposes of data once it is no longer required.

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CPRA.4(a)(3)
                                      California Privacy Rights Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      PII Retention Policy

                                      Evidence of a policy that contains measures on how an organization saves data for compliance or regulatory reasons, and how it disposes of data once it is no longer required.

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-3.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      PII Retention Policy

                                      Evidence of a policy that contains measures on how an organization saves data for compliance or regulatory reasons, and how it disposes of data once it is no longer required.

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CTDPA.10(f)(2)
                                      Connecticut Data Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      PII Retention Policy

                                      Evidence of a policy that contains measures on how an organization saves data for compliance or regulatory reasons, and how it disposes of data once it is no longer required.

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PM-21(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      PII Retention Policy

                                      Evidence of a policy that contains measures on how an organization saves data for compliance or regulatory reasons, and how it disposes of data once it is no longer required.

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      VCPA.59.1-582(F)
                                      Virginia Consumer Privacy Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OCC2021-36.3
                                      OCC 2021-36
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.I.B:pg4
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.III.A:pg47
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.WP.7.4
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.II.A.2:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(1)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(1)(ii)(B)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.f
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.02.b.1
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.m
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.09.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PM-9(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PM-28(a)(4)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-RA-3(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-RA-3(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.RM-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.RM-2
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.GV-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.RA-6
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(b)(1)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Proof that the vendor has a systematic process for managing risk to an organization such as a risk assessment, risk register, risk inventory, risk department, etc.

                                      Evidence Examples

                                      • Risk Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(a)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.6.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Patch Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.6
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Risk Management

                                      Established procedures and timelines for applying security patches for systems and devices based on severity.

                                      Evidence Examples

                                      • Patch Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-A1.e
                                      OSFI B-10 Third-Party Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Employee/Contractor Background Checks

                                      Evidence that background checks are performed on potential employees or contractors as part of the hiring process.

                                      Evidence Examples

                                      • Employee/Contractor Onboarding Policy
                                      • Human Resources and Hiring Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-15.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-15.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-15.5
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-15.6
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.E:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.D.1:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(b)(4)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.h
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.I
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.19
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.22
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.l
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.m
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.n
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.11.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SA-9(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.SC
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(d)(1)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(d)(3)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(e)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(d)(1)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(d)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(d)(3)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Vendor Management/Due Diligence

                                      A third-party vendor management program or policy is in place which requires due diligence to be performed on potential vendors or contractors prior to engagement. As well as ongoing third-party vendor review or reassessment.

                                      Evidence Examples

                                      • Vendor Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-2.2.4.1
                                      OSFI B-10 Third-Party Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Information Security Governance
                                      Incident Management

                                      Evidence that the vendor maintains an established policy for managing incidents that includes classification, containment, eradication, return to normal, and post-mortem?

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(c)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(a)
                                      EU General Data Protection Regulation
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling & Conditioning Systems (with redundancy)

                                      Does the vendor maintain multiple cooling systems to ensure redundant cooling and airflow for IT equipment?

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Detection

                                      Automatic devices or systems that sense a phenomenon resulting from a fire. (Smoke detectors, heat detectors, etc)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Suppression

                                      Automatic devices or systems in place to stop a fire from growing and spreading.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Evidence that generators undergo regular maintenance, testing, and inspection by an independent third party. Regular testing is not generally enough, you want evidence of preventative maintenance.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generators (with redundancy)

                                      Evidence that there are backup generators in place to act as a redundant power supply to ensure that power is never lost.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Alternate Site Replication

                                      Backup data that is copied over a network link to an alternate physical location.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.3:pg6
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Alternate Site Replication

                                      Backup data that is copied over a network link to an alternate physical location.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Alternate Site Replication

                                      Backup data that is copied over a network link to an alternate physical location.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(7)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Alternate Site Replication

                                      Backup data that is copied over a network link to an alternate physical location.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Alternate Site Replication

                                      Backup data that is copied over a network link to an alternate physical location.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-9(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Alternate Site Replication

                                      Backup data that is copied over a network link to an alternate physical location.

                                      Evidence Examples

                                      • BCP Test Results (Executive Overview)
                                      • Business Continuity Plan
                                      • Business Continuity Policy/Program
                                      • Disaster Recovery Plan
                                      • Disaster Recovery Test Results (Executive Overview)
                                      • IT Recovery Plan
                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-9(b)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-11.3
                                      Center for Internet Security - Critical Security Controls
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Network Monitoring

                                      Evidence that the vendor utilizes automated systems for monitoring the infrastructure, network, or devices?

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(7)(ii)(A
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.312(a)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.15.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-9(d)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(h)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-28
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Media Encrypted

                                      Evidence that backup data is encrypted either on disk or on backup media, as well as backup data being encrypted when being copied or transferred over a network.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.DS-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups Tested Annually

                                      Backup data is tested, verified, and restored at least annually to confirm that it can be used when needed

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-11.5
                                      Center for Internet Security - Critical Security Controls
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups Tested Annually

                                      Backup data is tested, verified, and restored at least annually to confirm that it can be used when needed

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups Tested Annually

                                      Backup data is tested, verified, and restored at least annually to confirm that it can be used when needed

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(7)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups Tested Annually

                                      Backup data is tested, verified, and restored at least annually to confirm that it can be used when needed

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups Tested Annually

                                      Backup data is tested, verified, and restored at least annually to confirm that it can be used when needed

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.13
                                      ISO/IEC 27001:2022
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups Tested Annually

                                      Backup data is tested, verified, and restored at least annually to confirm that it can be used when needed

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Camera System

                                      The vendor utilizes cameras and other video surveillance devices to monitor activities in or around facilities.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.1:pg4
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Camera System

                                      The vendor utilizes cameras and other video surveillance devices to monitor activities in or around facilities.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.4
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Camera System

                                      The vendor utilizes cameras and other video surveillance devices to monitor activities in or around facilities.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-6(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Camera System

                                      The vendor utilizes cameras and other video surveillance devices to monitor activities in or around facilities.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC CC6.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Temperature and Humidity

                                      The vendor utilizes automated systems and devices to maintain and control the temperature and humidity of server rooms and data centers, sending out alerts or alarms as needed.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling & Conditioning Systems (with redundancy)

                                      Evidence that the vendor maintain multiple cooling systems to ensure redundant cooling and airflow for IT equipment.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.D.1:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling & Conditioning Systems (with redundancy)

                                      Evidence that the vendor maintain multiple cooling systems to ensure redundant cooling and airflow for IT equipment.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.D.1:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling & Conditioning Systems (with redundancy)

                                      Evidence that the vendor maintain multiple cooling systems to ensure redundant cooling and airflow for IT equipment.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling & Conditioning Systems (with redundancy)

                                      Evidence that the vendor maintain multiple cooling systems to ensure redundant cooling and airflow for IT equipment.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supplies (with redundancy)

                                      Ensures that uninterruptible power supplies are backed up with redundant power sources.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.13
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(a)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.MA-1
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.1:pg1
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-2(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-6
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Cooling and Conditioning System Maintenance

                                      Cooling and conditioning systems undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.E:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.1:pg4
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(a)(2)(iii)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.k
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.2
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-3(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-3(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-2
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC CC6.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supplies (with redundancy)

                                      Ensures that uninterruptible power supplies are backed up with redundant power supplies.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Detection

                                      Automatic devices or systems that sense a phenomenon resulting from a fire. (Smoke detectors, heat detectors, etc)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.D.2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Detection

                                      Automatic devices or systems that sense a phenomenon resulting from a fire. (Smoke detectors, heat detectors, etc)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.1:pg4
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Detection

                                      Automatic devices or systems that sense a phenomenon resulting from a fire. (Smoke detectors, heat detectors, etc)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-13
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Detection

                                      Automatic devices or systems that sense a phenomenon resulting from a fire. (Smoke detectors, heat detectors, etc)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Detection

                                      Automatic devices or systems that sense a phenomenon resulting from a fire. (Smoke detectors, heat detectors, etc)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Suppression

                                      Automatic devices or systems in place to stop a fire from growing and spreading.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.D.2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Suppression

                                      Automatic devices or systems in place to stop a fire from growing and spreading.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.1:pg4
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Suppression

                                      Automatic devices or systems in place to stop a fire from growing and spreading.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-13
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Suppression

                                      Automatic devices or systems in place to stop a fire from growing and spreading.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire Suppression

                                      Automatic devices or systems in place to stop a fire from growing and spreading.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.1:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(a)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.13
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-2(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-6
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.MA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Fire System Maintenance

                                      Ensure that fire systems undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.6:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.1:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(a)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.13
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-2(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-6
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.MA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generator maintenance

                                      Ensure that generators undergo preventitive regular maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generators (with redundancy)

                                      Evidence that there are backup generators in place to act as a redundant power supply to mitigate the risk of power loss.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.6:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generators (with redundancy)

                                      Evidence that there are backup generators in place to act as a redundant power supply to mitigate the risk of power loss.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.D.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generators (with redundancy)

                                      Evidence that there are backup generators in place to act as a redundant power supply to mitigate the risk of power loss.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7. 11
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generators (with redundancy)

                                      Evidence that there are backup generators in place to act as a redundant power supply to mitigate the risk of power loss.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.BE-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Generators (with redundancy)

                                      Evidence that there are backup generators in place to act as a redundant power supply to mitigate the risk of power loss.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Monitored Alerts on Failed Backups

                                      Evidence that alerts for failed backups or backup errors are monitored regularly

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.7:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Monitored Alerts on Failed Backups

                                      Evidence that alerts for failed backups or backup errors are monitored regularly

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(7)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Monitored Alerts on Failed Backups

                                      Evidence that alerts for failed backups or backup errors are monitored regularly

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Multifactor Autentication for Physical Access

                                      Evidence that vendors require two or more components to access facilities (electronic keypad & badge reader)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-7
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Monitored Alerts on Failed Backups

                                      Evidence that alerts for failed backups or backup errors are monitored regularly

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Network Monitoring

                                      Evidence that the vendor utilizes automated systems for monitoring the infrastructure, network, or devices vs being solely dependant on human monitoring.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.6:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Network Monitoring

                                      Evidence that the vendor utilizes automated systems for monitoring the infrastructure, network, or devices vs being solely dependant on human monitoring.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.6
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Network Monitoring

                                      Evidence that the vendor utilizes automated systems for monitoring the infrastructure, network, or devices vs being solely dependant on human monitoring.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.h
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-11.4
                                      Center for Internet Security - Critical Security Controls
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.3:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(7)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-6(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-9(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Physical Access is Reviewed

                                      Access logs are reviewed by security personnel, security guards, or a third-party security firm periodically (semi-annually, quarterly, monthly, etc.)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.E:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Physical Access is Reviewed

                                      Access logs are reviewed by security personnel, security guards, or a third-party security firm periodically (semi-annually, quarterly, monthly, etc.)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-2(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Physical Access is Reviewed

                                      Access logs are reviewed by security personnel, security guards, or a third-party security firm periodically (semi-annually, quarterly, monthly, etc.)

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-2(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Alternate Site Replication

                                      Backup data that is copied over a network link to an alternate physical location.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(c)
                                      EU General Data Protection Regulation
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      Documentation of the defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.3:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      Documentation of the defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      Documentation of the defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(7)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      Documentation of the defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      Documentation of the defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-9(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      Documentation of the defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-9(b)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      Documentation of the defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Type

                                      A defined backup type (full, differential, incremental).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-11.4
                                      Center for Internet Security - Critical Security Controls
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups Tested Annually

                                      Backup data is tested, verified, and restored at least annually to confirm that it can be used when needed

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(c)
                                      EU General Data Protection Regulation
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.3:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.4:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(7)(ii)(A)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(c)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-6(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-9(a)
                                      NIST 800-53 Rev. 5
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backups kept offline and/or offsite

                                      Requires that backups are shipped to a separate physical location or rotated offsite. Ensures that backups are kept offline and not accessible to update. (cold backups)

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(c)
                                      EU General Data Protection Regulation
                                      BCA
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.1:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      BCP.IV.A.6:pg1
                                      FFIEC IT Examination Handbook - Business Continuity Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.B:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.B.2.b:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OT.B.23
                                      FFIEC IT Examination Handbook - Outsourcing Technology Services
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.i
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CP-8
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.BE-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Redundant internet connectivity

                                      The vendor has a secondary internet connection and other telecommunications that work alongside the main internet connection to ensure continuous data traffic flow in the event of a failure.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.PT-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Security Guards (24 Hour personnel presence)

                                      Ensures that personnel are stationed at a security deck or office at the organization’s facilities.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.4
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Security Guards (24 Hour personnel presence)

                                      Ensures that personnel are stationed at a security deck or office at the organization’s facilities.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-3(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Security Guards (24 Hour personnel presence)

                                      Ensures that personnel are stationed at a security deck or office at the organization’s facilities.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC CC6.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Backup Frequency

                                      A defined backup frequency (hourly, daily, weekly, etc.).

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(c)
                                      EU General Data Protection Regulation
                                      BCA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Temperature and Humidity

                                      The vendor utilizes automated systems and devices to maintain and control the temperature and humidity of server rooms and data centers, sending out alerts or alarms as needed.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.D.1:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Temperature and Humidity

                                      The vendor utilizes automated systems and devices to maintain and control the temperature and humidity of server rooms and data centers, sending out alerts or alarms as needed.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-14(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Temperature and Humidity

                                      The vendor utilizes automated systems and devices to maintain and control the temperature and humidity of server rooms and data centers, sending out alerts or alarms as needed.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Regular Backups

                                      Evidence that backups are performed at a regular and documented frequency.

                                      Evidence Examples

                                      • Backup Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(c)
                                      EU General Data Protection Regulation
                                      BCA
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supplies (with redundancy)

                                      Ensures that uninterruptible power supplies are backed up with redundant power supplies.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.11.2.2
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supplies (with redundancy)

                                      Ensures that uninterruptible power supplies are backed up with redundant power supplies.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.BE-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supplies (with redundancy)

                                      Ensures that uninterruptible power supplies are backed up with redundant power supplies.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.BE-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supplies (with redundancy)

                                      Ensures that uninterruptible power supplies are backed up with redundant power supplies.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.1:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(a)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.13
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-2(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-6
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.MA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Uninterruptible Power Supply Maintenance

                                      Uninterruptable power supplies undergo regular preventitive maintenance, testing, and inspection by an independent third party.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC A1.2
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Visitor Tracking

                                      Evidence that the Vendor has a documented and established process for tracking people visiting their facilities that includes the ability to review post visit.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.E:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Visitor Tracking

                                      Evidence that the Vendor has a documented and established process for tracking people visiting their facilities that includes the ability to review post visit.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-3(d)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Visitor Tracking

                                      Evidence that the Vendor has a documented and established process for tracking people visiting their facilities that includes the ability to review post visit.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PE-8(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Visitor Tracking

                                      Evidence that the Vendor has a documented and established process for tracking people visiting their facilities that includes the ability to review post visit.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TSC CC6.1
                                      AICPA Trust Services Criteria
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Resiliency
                                      Electronic Access Control

                                      A method of regulating access facilities using installed electronically powered locks and credential readers.

                                      Evidence Examples

                                      • Physical/Environmental Security Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.10
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Client data stored outside the USA

                                      Evidence provided by the Vendor that states they use data hosting providers or have Data Centers outside the US.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OT.WP.I.1.3
                                      FFIEC IT Examination Handbook - Outsourcing Technology Services
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Client data stored outside the USA

                                      Evidence provided by the Vendor that states they use data hosting providers or have Data Centers outside the US.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.1
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Critical subservice organizations

                                      Evidence provided by the Vendor that states they use data hosting providers or have Data Centers outside the US.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OT.WP.I.1.3
                                      FFIEC IT Examination Handbook - Outsourcing Technology Services
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Critical subservice organizations

                                      Evidence provided by the Vendor that states they use data hosting providers or have Data Centers outside the US.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.1
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Critical subservice organizations

                                      Evidence provided by the Vendor that states they use data hosting providers or have Data Centers outside the US.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.I
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Experience with the function outsourced

                                      Defined amount of time the Vendor has producing or delivering the service/product they are providing the Client.

                                      Evidence Examples

                                      • Business Impact Analysis
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Risk Management Policy
                                      OT.WP.I.2.1
                                      FFIEC IT Examination Handbook - Outsourcing Technology Services
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Experience with the function outsourced

                                      Defined amount of time the Vendor has producing or delivering the service/product they are providing the Client.

                                      Evidence Examples

                                      • Business Impact Analysis
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Risk Management Policy
                                      OT.WP.II.B.2
                                      FFIEC IT Examination Handbook - Outsourcing Technology Services
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Risk Profile
                                      Experience with the function outsourced

                                      Defined amount of time the Vendor has producing or delivering the service/product they are providing the Client.

                                      Evidence Examples

                                      • Business Impact Analysis
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Risk Management Policy
                                      TPRM-IV.C.2.d(2)
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      CSC-16.13
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      CSC-18.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      IS.WP.6.27.g
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      MGT.III.C.3:pg29
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      800-53-r5-SA-11(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By A Third Party

                                      Evidence that source code in internal software or applications is tested for security threats by an EXTERNAL third party.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      CSF.ID.RA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      CSC-16.13
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      CSC-18.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Date Of the Most Recent Test

                                      Evidence of an application security test was performed within the last 18 months.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      IS.WP.6.27.g
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      MGT.III.C.3:pg29
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      800-53-r5-SA-11(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      CSF.ID.RA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Application Security Tests Are Performed By Internal Staff

                                      Evidence that source code in internal software or applications is tested for security threats by INTERNAL representatives

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      CSF.ID.RA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.1.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of application security testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-18.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of application security testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of application security testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.05.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of application security testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Executive overview of application security test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CA-8
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency Of Penetration Testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-18.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency Of Penetration Testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency Of Penetration Testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.05.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency Of Penetration Testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CA-8
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSC-7.5
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSC-7.6
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OP.VI.B.3.a:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      NYCRR.500.05.b
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      800-53-r5-RA-3(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      800-53-r5-RA-5(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSF.DE.CM-8
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-7.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-18.3
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-7.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.WP.6.27.g
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.I.B.7(b):pg19
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.I.B.7(b):pg19
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.3.a:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.3.a:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-RA-5(d)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-RA-5(d)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.RS.AN-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.RS.MI-3
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.RS.AN-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.RS.MI-3
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency Of Penetration Testing

                                      Defined frequency of testing (annually, semi-annually, etc.). Best practice and expectation is annually or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.1.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Frequency of vulnerability scans/tests

                                      Defined frequency of scanning (daily, weekly, monthly, etc.). Best practice and expectation is quarterly or more frequently.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OSFI-B-13-3.1.3
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-18.5
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-18.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.III.C.3:pg29
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CA-8
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.RA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-18.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-18.5
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.III.C.3:pg29
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CA-8
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.RA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.6
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability Management Remediation Policy in place

                                      A documented process for remediating medium or higher findings from an application security test?

                                      Evidence Examples

                                      • Vulnerability Management Policy
                                      • Vulnerability Remediation Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.6
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By Internal Staff

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an INTERNAL reprtesentative of the organization.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Social engineering or phishing tests performed

                                      Evidence that the vendor uses social engineering testing such as phishing, phone calls, emails, or other social engineering techniques on employees.

                                      Evidence Examples

                                      • Executive overview of social engineering test results
                                      • Security Awareness Program
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Information Security Program/Policy or Overview
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Social engineering or phishing tests performed

                                      Evidence that the vendor uses social engineering testing such as phishing, phone calls, emails, or other social engineering techniques on employees.

                                      Evidence Examples

                                      • Executive overview of social engineering test results
                                      • Security Awareness Program
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Information Security Program/Policy or Overview
                                      OCC2021-36.10
                                      OCC 2021-36
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Social engineering or phishing tests performed

                                      Evidence that the vendor uses social engineering testing such as phishing, phone calls, emails, or other social engineering techniques on employees.

                                      Evidence Examples

                                      • Executive overview of social engineering test results
                                      • Security Awareness Program
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Information Security Program/Policy or Overview
                                      OSFI-B-13-3.1.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OSFI-B-13-3.1.3
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OSFI-B-13-3.2.9
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OSFI-B-13-3.1.3
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OSFI-B-13-3.2.9
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Penetration Tests Are Performed By A Third Party

                                      Evidence that a simulated hack of an organization’s systems to uncover and exploit vulnerabilities in systems, networks, web applications, or overall infrastructure is regularly performed by an EXTERNAL third-party hired/contracted by the organization for an unbiased test of their systems.

                                      Evidence Examples

                                      • Executive overview of penetration test results
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.1.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSC-7.5
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSC-7.6
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSC-16.13
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      GDPR-32(1)(d)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      IS.WP.6.27.g
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      OP.VI.B.3.a:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      NYCRR.500.05.b
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      800-53-r5-RA-3(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      800-53-r5-RA-5©
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      800-53-r5-SA-11(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSF.DE.CM-8
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      EU2022/2555.IV.21.2(e)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Security Testing
                                      Vulnerability scans are performed

                                      Evidence of an automated process used to identify known vulnerabilities, lack of security controls, and common misconfigurations within systems on a network.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Security Testing Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Vulnerability Management Policy
                                      CSF.ID.RA-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices for data destruction.

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-28(3)(g)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(a)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(a)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      GDPR-32(1)(b)
                                      EU General Data Protection Regulation
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-10.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.12:pg26
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.C.2:pg7
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(5)(ii)(B)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.7
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.02.b.2
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.DS-6
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Breach Notification

                                      A documented procedure for notifying clients in the event of a cyber incident or data breach.

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-15.4
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Breach Notification

                                      A documented procedure for notifying clients in the event of a cyber incident or data breach.

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CPA.6-1-1305(2)(b)
                                      Colorado Privacy Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Breach Notification

                                      A documented procedure for notifying clients in the event of a cyber incident or data breach.

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      UCPA.13-61-301(1)(b)
                                      Utah Consumer Privacy Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Designated security personnel involved in SDLC

                                      A designated person (security engineer, security team, etc.) who reviews and approves source code and manages the change management process in the software development lifecycle.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.4.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-3.7
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.5:pg14
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.A:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.A.1:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.12
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.b
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.ID.AM-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      DDoS Mitigation

                                      Evidence that the Vendor is prepared for a DDoS attack. Usually the Vendor will specifically speak to this as there are many variations.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.III.C.3(b):pg30
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      DDoS Mitigation

                                      Evidence that the Vendor is prepared for a DDoS attack. Usually the Vendor will specifically speak to this as there are many variations.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.02.b.2
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      DDoS Mitigation

                                      Evidence that the Vendor is prepared for a DDoS attack. Usually the Vendor will specifically speak to this as there are many variations.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      DDoS Mitigation

                                      Evidence that the Vendor is prepared for a DDoS attack. Usually the Vendor will specifically speak to this as there are many variations.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-5(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      DDoS Mitigation

                                      Evidence that the Vendor is prepared for a DDoS attack. Usually the Vendor will specifically speak to this as there are many variations.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-5(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      DDoS Mitigation

                                      Evidence that the Vendor is prepared for a DDoS attack. Usually the Vendor will specifically speak to this as there are many variations.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.DS-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Does Vendor require appropriate complexity/length/unpredictability passwords?

                                      Evidence that the Vendor has a documented password policy that forces user to include apporiate complexity requirements when setting up or changing their passwords.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Multifactor authentication for administrative access

                                      Requires that for administrative access accounts, access to an organization’s network requires a username and password and other authentication factors such as RSA key, One Time Pin, Biometric Authenticator, etc.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Designated security personnel involved in SDLC

                                      A designated person (security engineer, security team, etc.) who reviews and approves source code and manages the change management process in the software development lifecycle.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.17:pg39
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Designated security personnel involved in SDLC

                                      A designated person (security engineer, security team, etc.) who reviews and approves source code and manages the change management process in the software development lifecycle.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SI-4(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Designated security personnel involved in SDLC

                                      A designated person (security engineer, security team, etc.) who reviews and approves source code and manages the change management process in the software development lifecycle.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.DS-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.2.3
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Asset Management Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.8
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-3.11
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.13(a):pg27
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.312(a)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.15.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.DS-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(c)(1)(c)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(h)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(1)(c)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-3.10
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.13(b):pg28
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.312(a)(2)(iv)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.312(e)(2)(ii)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.15.a
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-8
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.DS-2
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(h)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(c)(1)(c)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(1)(c)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Event Log Correlation and Analysis

                                      Use of a SIEM solution or similar log management and aggregation tool. Procedures for gathering, analyzing, regular, or scheduled reviewing, and automated alerting of log files and data.

                                      Evidence Examples

                                      • Log Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-13.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Event Log Correlation and Analysis

                                      Use of a SIEM solution or similar log management and aggregation tool. Procedures for gathering, analyzing, regular, or scheduled reviewing, and automated alerting of log files and data.

                                      Evidence Examples

                                      • Log Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.7:pg5
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Event Log Correlation and Analysis

                                      Use of a SIEM solution or similar log management and aggregation tool. Procedures for gathering, analyzing, regular, or scheduled reviewing, and automated alerting of log files and data.

                                      Evidence Examples

                                      • Log Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.16
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Event Log Correlation and Analysis

                                      Use of a SIEM solution or similar log management and aggregation tool. Procedures for gathering, analyzing, regular, or scheduled reviewing, and automated alerting of log files and data.

                                      Evidence Examples

                                      • Log Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.DE.AE-3
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Event Log Correlation and Analysis

                                      Use of a SIEM solution or similar log management and aggregation tool. Procedures for gathering, analyzing, regular, or scheduled reviewing, and automated alerting of log files and data.

                                      Evidence Examples

                                      • Log Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.PT-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Antimalware

                                      Antimalware or antivirus solutions are used in the server environment.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.4
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Breach Notification

                                      A documented procedure for notifying clients in the event of a cyber incident or data breach.

                                      Evidence Examples

                                      • Incident Management Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-10-2.4.2.1
                                      OSFI B-10 Third-Party Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.2.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Classification

                                      Documented policy or program that establishes methods and levels of data classification, handling, labeling, retention, and destruction practices.

                                      Evidence Examples

                                      • Data Classification Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.1.4
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      CSC-13.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      CSC-13.3
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      CSC-13.7
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      CSC-13.8
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      IS.II.C.9:pg19
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      OP.V.B.1:pg4
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      NYCRR.500.02.b.2
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      NYCRR.500.03.h
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      800-53-r5-SC-35
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      800-53-r5-SI-4(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      800-53-r5-SI-4(c)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      CSF.DE.CM-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      12CFR-III.B.364.(B)(III)(c)(1)(f)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      12CFR-VII.A.748.(A)(III)(c)(1)(f)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption at Rest

                                      Data stored on storage systems or databases is encrypted at rest utilizing at least AES 256 encryption.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.5
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-6.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.WP.6.8
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.2:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.15
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.16
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.18
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.07
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-1(a)(1)(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-29(e)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-2(f)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(i)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(A)(I)(B)(2)(a)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(1)(a)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Encryption in Transit

                                      Data being transferred across public networks in transit is encrypted with TLS, SFTP, SSH, FTPS, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.5
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-3.5
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.A:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.B.2:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.B.8:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(i)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.310(d)(2)(ii)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.10
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.7.14
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.10
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.b
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.13
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MA-2(d)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-MP-6(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SR-12
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-6
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(c)(4)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(4)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Event Log Correlation and Analysis

                                      Use of a SIEM solution or similar log management and aggregation tool. Procedures for gathering, analyzing, regular, or scheduled reviewing, and automated alerting of log files and data.

                                      Evidence Examples

                                      • Log Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Event Log Correlation and Analysis

                                      Use of a SIEM solution or similar log management and aggregation tool. Procedures for gathering, analyzing, regular, or scheduled reviewing, and automated alerting of log files and data.

                                      Evidence Examples

                                      • Log Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.3.1
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-3.12
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.A.3:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.2:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.22
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.31
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.02.b.2
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-7(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-39
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-46
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SC-49
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      3rd Party System Default Passwords are Changed

                                      Policy in place that defines the process for changing default passwords that are on a system/software with initial installation.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      800-53-r5-IA-5(e)
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Client Access: Does Vendor require appropriate complexity/length/unpredictability passwords?

                                      Documented policy or procedure that enforces employees to create complex passwords with various combinations to ensure password strength is higher.

                                      Evidence Examples

                                      • Access Management Policy
                                      OT.B.26
                                      FFIEC IT Examination Handbook - Outsourcing Technology Services
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Client Access: Does Vendor require appropriate complexity/length/unpredictability passwords?

                                      Documented policy or procedure that enforces employees to create complex passwords with various combinations to ensure password strength is higher.

                                      Evidence Examples

                                      • Access Management Policy
                                      800-53-r5-IA-5(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Client Access: Multifactor authentication available for client access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      OCC2021-36.5
                                      OCC 2021-36
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Client Access: Multifactor authentication available for client access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      CSC-5.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Client Access: Multifactor authentication available for client access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      OP.III.G:pg5
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Client Access: Multifactor authentication available for client access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Client Access: Single-Sign-On available for client access

                                      Is single sign-on (SAML, OAuth, etc.) available for customer/consumer access to systems and networks.

                                      Evidence Examples

                                      • Access Management Policy
                                      CSC-6.7
                                      Center for Internet Security - Critical Security Controls
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      3rd Party System Default Passwords are Changed

                                      Policy in place that defines the process for changing default passwords that are on a system/software with initial installation.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      800-53-r5-IA-5(e)
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Customer/Consumer Access: Does vendor require appropriate complexity/length/unpredictability passwords?

                                      Evidence that the Vendor has a documented password policy that forcescustomers.consumers to include apporiate complexity requirements when setting up or changing their passwords.

                                      Evidence Examples

                                      • Access Management Policy
                                      800-53-r5-IA-5(c)
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Customer/Consumer Access: Multifactor authentication available for customer/consumer access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      OCC2021-36.5
                                      OCC 2021-36
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Customer/Consumer Access: Multifactor authentication available for customer/consumer access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      CSC-5.2
                                      Center for Internet Security - Critical Security Controls
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Customer/Consumer Access: Multifactor authentication available for customer/consumer access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      OP.III.G:pg5
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Customer/Consumer Access: Multifactor authentication available for customer/consumer access

                                      Evidence that the use of multifactor authentication such as two-factor or three-factor authentication to obtain access to systems and networks is available when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Customer/Consumer Access: Single-Sign-On for customer/consumer access

                                      Evidence that single sign-on (SAML, OAuth, etc.) is available for customer/consumer access to systems and networks when applicable.

                                      Evidence Examples

                                      • Access Management Policy
                                      CSC-6.7
                                      Center for Internet Security - Critical Security Controls
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      3rd Party System Default Passwords are Changed

                                      Policy in place that defines the process for changing default passwords that are on a system/software with initial installation.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      800-53-r5-IA-5(e)
                                      NIST 800-53 Rev. 5
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      IDS/IPS

                                      Use of an intrusion detection system or intrusion prevention system to protect against and detect threats to systems and networks.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Log Management Policy
                                      OSFI-B-13-3.2.4
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Does Vendor require appropriate complexity/length/unpredictability passwords?

                                      Evidence that the Vendor has a documented password policy that forces user to include apporiate complexity requirements when setting up or changing their passwords.

                                      Evidence Examples

                                      • Access Management Policy
                                      CSC-5.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Does Vendor require appropriate complexity/length/unpredictability passwords?

                                      Evidence that the Vendor has a documented password policy that forces user to include apporiate complexity requirements when setting up or changing their passwords.

                                      Evidence Examples

                                      • Access Management Policy
                                      HIPAA.164.308(a)(5)(ii)(D)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Does Vendor require appropriate complexity/length/unpredictability passwords?

                                      Evidence that the Vendor has a documented password policy that forces user to include apporiate complexity requirements when setting up or changing their passwords.

                                      Evidence Examples

                                      • Access Management Policy
                                      800-53-r5-IA-5(c)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Multifactor authentication for administrative access

                                      Requires that for administrative access accounts, access to an organization’s network requires a username and password and other authentication factors such as RSA key, One Time Pin, Biometric Authenticator, etc.

                                      Evidence Examples

                                      • Access Management Policy
                                      CSC-5.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Multifactor authentication for administrative access

                                      Requires that for administrative access accounts, access to an organization’s network requires a username and password and other authentication factors such as RSA key, One Time Pin, Biometric Authenticator, etc.

                                      Evidence Examples

                                      • Access Management Policy
                                      OP.III.G:pg5
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Multifactor authentication for administrative access

                                      Requires that for administrative access accounts, access to an organization’s network requires a username and password and other authentication factors such as RSA key, One Time Pin, Biometric Authenticator, etc.

                                      Evidence Examples

                                      • Access Management Policy
                                      EU2022/2555.IV.21.2(j)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Multifactor authentication for administrative access

                                      Requires that for administrative access accounts, access to an organization’s network requires a username and password and other authentication factors such as RSA key, One Time Pin, Biometric Authenticator, etc.

                                      Evidence Examples

                                      • Access Management Policy
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Password Policy for Employee Access: Multifactor authentication for administrative access

                                      Requires that for administrative access accounts, access to an organization’s network requires a username and password and other authentication factors such as RSA key, One Time Pin, Biometric Authenticator, etc.

                                      Evidence Examples

                                      • Access Management Policy
                                      OCC2021-36.5
                                      FFIEC FIL Authentication and Access to Financial Institution Services and Systems
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Logical Access Management

                                      A defined process for granting and removing logical access privileges or permissions.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Data Destruction (Digital/Physical)

                                      A documented policy or program that outlines practices and methods used for data destruction. (Shredding, degaussing, erasing, wiping. Incinerating, etc)

                                      Evidence Examples

                                      • Media Sanitization Policy
                                      • Data Classification Policy
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.2.4
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-5.3
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-6.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      MGT.III.C.2:pg28
                                      FFIEC IT Examination Handbook - Management Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.308(a)(3)(ii)(c)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.16
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.18
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.07
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-2(j)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-2(l)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PS-4(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-PS-4(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Periodic Logical Access Review/Termination

                                      Access privileges are reviewed on a recurring basis and at employment termination to ensure access is appropriate and that privileges are modified if needed.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-3.3
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.WP.6.21
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.VI.A.2:pg1
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.312(C)(1)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.3
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.07
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-6
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Production and Development Environment Segmentation

                                      Development, testing, or staging environments, networks, or segments are physically or logically separate from production or live environments, networks, or segments

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-12.2
                                      Center for Internet Security - Critical Security Controls
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Production and Development Environment Segmentation

                                      Development, testing, or staging environments, networks, or segments are physically or logically separate from production or live environments, networks, or segments

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.A.3:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Production and Development Environment Segmentation

                                      Development, testing, or staging environments, networks, or segments are physically or logically separate from production or live environments, networks, or segments

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.31
                                      ISO/IEC 27001:2022
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OCC2021-36.5
                                      OCC 2021-36
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-6.4
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.15(c):pg33
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.G:pg5
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      EU2022/2555.IV.21.2(j)
                                      Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity Across the Union
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.12.b
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-3
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Network Segmentation

                                      Use of logical or physical segregation of sensitive network areas, including DMZ, storage, processing, etc.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.4
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OCC2021-36.7
                                      OCC 2021-36
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-4.1
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-4.2
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.WP.6.11
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.B.1:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.9
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.02.b.2
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-1(a)(2)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-CM-2(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Secure Device Baselining

                                      The minimum acceptable operational or technological security is implemented across devices, systems, or services.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.IP-1
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSC-16.12
                                      Center for Internet Security - Critical Security Controls
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.10:pg21
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.V.C.3:pg2
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      TPRM-IV.C.2.g
                                      Interagency Guidance on Third-Party Relationships (Board, FDIC, & OCC) 06.2023
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.8.29
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.i
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SA-3(d)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Security testing is a part of build verification

                                      During the build verification process, security testing is performed to identify potential risks such as security vulnerabilities or data loss.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SA-10(e)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.7:pg15
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OP.III.D.1:pg3
                                      FFIEC IT Examination Handbook - Operations Booklet
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      HIPAA.164.312(C)(1)
                                      Health Insurance Portability and Accountability Act
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      ISO.A.5.3
                                      ISO/IEC 27001:2022
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-5(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-AC-5(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.AC-4
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-III.B.364.(B)(III)(c)(1)(e)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      12CFR-VII.A.748.(A)(III)(c)(1)(e)
                                      Interagency Guidelines Establishing Information Security Standards
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Remote Access Requires Multifactor Authentication

                                      Requires that access to an organization’s network from external locations, such as home, requires both a username and password in addition to another factor of authentication such as RSA key, One Time Pin (OTP), Biometric Authenticator, etc

                                      Evidence Examples

                                      • Access Management Policy
                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-3.2.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Third parties do not maintain access to dev/prod

                                      Fourth parties, subservice organizations, or contractors are periodically reviewed, and access is terminated once the contract has expired

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OT.B.26
                                      FFIEC IT Examination Handbook - Outsourcing Technology Services
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Third parties do not maintain access to dev/prod

                                      Fourth parties, subservice organizations, or contractors are periodically reviewed, and access is terminated once the contract has expired

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      NYCRR.500.03.i
                                      New York Department of Financial Services 23 NYCRR 500
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Principle of Least Privilege

                                      Access privileges are assigned using the principle of least privilege, privileges are assigned such that only access to what is needed to perform the job role is allowed. Also, use of Role-Based Access Control.

                                      Evidence Examples

                                      OSFI-B-13-3.2.7
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Separation of Duties

                                      Utilized in order to ensure that users aren't given enough access to abuse or misuse the system.

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      OSFI-B-13-2.5.2
                                      OSFI B-13 Technology and Cyber Risk Management
                                      DPA
                                      ISPA
                                      CSA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Web application firewall

                                      A software-based or hardware-based tool to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      IS.II.C.17:pg39
                                      FFIEC IT Examination Handbook - Information Security Booklet
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Web application firewall

                                      A software-based or hardware-based tool to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      800-53-r5-SI-4(a)(1)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Web application firewall

                                      A software-based or hardware-based tool to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet

                                      Evidence Examples

                                      • Information Security Program/Policy or Overview
                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      CSF.PR.DS-5
                                      NIST Framework for Improving Critical Infrastructure Cybersecurity version 1.1
                                      DPA
                                      ISPA
                                      SOC

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Wireless Access Control

                                      Evidence of policies and procedures as well as hardware that address securing and monitoring wireless access points.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Access Management Policy
                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      NYCRR.500.02.b.2
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Wireless Access Control

                                      Evidence of policies and procedures as well as hardware that address securing and monitoring wireless access points.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Access Management Policy
                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      NYCRR.500.03.g
                                      New York Department of Financial Services 23 NYCRR 500
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Wireless Access Control

                                      Evidence of policies and procedures as well as hardware that address securing and monitoring wireless access points.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Access Management Policy
                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      800-53-r5-AC-18(a)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More
                                      Sensitive Data Security
                                      Wireless Access Control

                                      Evidence of policies and procedures as well as hardware that address securing and monitoring wireless access points.

                                      Evidence Examples

                                      • Third Party Audit Report (SOC; PCI; ISO/IEC 27001; etc)
                                      • Access Management Policy
                                      • Asset Management Policy
                                      • Information Security Program/Policy or Overview
                                      800-53-r5-AC-18(b)
                                      NIST 800-53 Rev. 5
                                      DPA
                                      ISPA

                                      Data Protection Assessment (DPA)

                                      The DPA is a comprehensive risk-based review of the controls your vendor or suppliers have in place to protect against cybersecurity threats and meet data privacy regulations. This methodical review ensures they adhere to the standards and essential best practices for protecting sensitive data.

                                      Learn More

                                      Business Continuity and Disaster Recovery Assessment (BCA)

                                      The BCA extensively reviews your vendor or supplier’s preparedness strategies against unforeseen disruptions. This crucial review of their continuity plans helps reveal potential vulnerabilities, enabling your organization to maintain operational resilience despite unexpected challenges.

                                      Learn More

                                      Point-in-Time Cybersecurity Assessment (CSA)

                                      The CSA is a comprehensive evaluation of your vendor or suppliers' cybersecurity practices, ensuring they are robust and up to industry standards. By identifying potential weak spots in their cyber posture, this assessment aids in fortifying your organizational defenses against potential breaches.

                                      Learn More

                                      System and Organization Controls Assessment (SOC)

                                      The SOC Assessment assesses your vendor’s SOC report documentation and provides a comprehensive risk assessment regarding the vendor’s internal controls.

                                      Learn More

                                      Information Security & Privacy Assessment (ISPA)

                                      The ISPA is an in-depth assessment of a vendor or suppliers’ data privacy practices and information security measures. It ensures robust compliance, revealing potential risks and providing actionable insights to enhance your organization's data protection strategies.

                                      Learn More