Third Party Security Assessment

  • Updated on Apr 10, 2026
  • Published on Nov 6, 2024
  • 1 minute(s) read
Prev Next

WHAT IS THIRD PARTY SECURITY ASSESSMENT AND WHY IS IT IMPORTANT?

Third Party Security Assessment (TPSA) assesses the security posture of external third-party organizations before engaging them for goods or services. It applies to vendors, suppliers, consultants, staff augmentation providers, and business partners. 

TPSA is needed to

  • Get the third party's assertion that they comply with industry and regulatory requirements.

  • Protect corporate and customer data from unverified vendors.

  • Lessen the exposure to data loss and unauthorized network access.

CONTROLS THIS DASHBOARD REPORTS ON

This dashboard reports on your organization’s level of compliance with these controls:

  • NIST CSF v2.0: Subcategory GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships

  • PCI-DSS v4.0.1: Requirement 12.8.3 An established process is implemented for engaging TPSPs [Third-Party Service Providers], including proper due diligence prior to engagement.

  • CIS CSC v8.1: Safeguard 15.5 Assess Service Providers

PRIMARY KEY PERFORMANCE INDICATOR (KPI)

The dashboard reports on this Primary KPI:

  • Numerator: Number of TPSA onboarding assessments with status = Completed or , "Open within SLA",

  • Denominator: Number of TPSA onboarding assessments not in draft status

COLUMNS DISPLAYED ON THE DETAIL DASHBOARD

  • Compliance Status

  • Survey Number, Survey Name, Survey Created Date, Survey Completed Date – information regarding the vendor survey

  • Assessment ID

  • Reassessment Date

  • Vendor Name, Vendor ID, Vendor Tier

  • Due Date

  • Status

  • SLA Status, Within SLA Flag

  • Inventory Source

  • Owner ID, Owner Name, Owner Email Address, Owner Job Title – Information for the employee who owns the relationship with the third party

  • Manager Employee ID, Manager Full Name, Manager Email Address - Employee's manager

  • Executive VP, Senior VP, VP / Executive Director - Management chain for the Employee

  • Level 5, Level 6 - Additional levels of management for the Employee

OCSF TABLES USED BY THE DASHBOARD

  • User Inventory Info [5003]

Copyright © 2026 DataBee®, A Comcast Company.
DataBee® is a registered trademark of Comcast.