Third Party Security Assessment
  • 19 Mar 2025


WHAT IS THIRD PARTY SECURITY ASSESSMENT AND WHY IS IT IMPORTANT?

Third Party Security Assessment (TPSA) assesses the security posture of external third-party organizations before engaging them for goods or services. It applies to vendors, suppliers, consultants, staff augmentation providers, and business partners. 

TPSA is needed to:

  • Get the third party's assertion that they comply with industry and regulatory requirements.
  • Protect corporate and customer data from unverified vendors.
  • Lessen the exposure to data loss and unauthorized network access.

 

CONTROLS THIS DASHBOARD REPORTS ON

This dashboard reports on your organization’s level of compliance with these controls:

NIST CSF v2.0: Subcategory GV.SC-06: Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationships

PCI-DSS v4.0.1: Requirement 12.8.3: An established process is implemented for engaging TPSPs [Third-Party Service Providers], including proper due diligence prior to engagement.

CIS CSC v8.1: Safeguard 15.5: Assess Service Providers


PRIMARY KEY PERFORMANCE INDICATOR (KPI)

The dashboard reports on this Primary KPI:

Numerator: Number of TPSA onboarding assessments with status = "Completed" or "Open within SLA"

Denominator: Number of TPSA onboarding assessments not in draft status

 

COLUMNS DISPLAYED ON THE DETAIL DASHBOARD

  • Compliance Status
  • Survey Number, Survey Name, Survey Created Date, Survey Completed Date – information regarding the vendor survey
  • Assessment ID
  • Reassessment Date
  • Vendor Name, Vendor ID, Vendor Tier
  • Due Date
  • Status
  • SLA Status, Within SLA Flag
  • Inventory Source
  • Owner ID, Owner Name, Owner Email Address, Owner Job Title – information for the employee who owns the relationship with the third party
  • Manager Employee ID, Manager Full Name, Manager Email Address – the employee's manager
  • Executive VP, Senior VP, VP / Executive Director – management chain for the employee
  • Level 5, Level 6 – additional levels of management for the employee

 

OCSF TABLES USED BY THE DASHBOARD

  • User Inventory Info [5003]
