Vendor / Third-Party Risk Assessments

Are you compliant with CCPA, CPRA, GDPR, VCDPA and other privacy regulations’ Vendor / Third-Party Risk Management requirements? Do your Third-Party Risk assessments assess both privacy and security risks? Have you accounted for 4th Party Risk?

Yes, 4th Party Risk – not just your vendors, but also the vendors of your vendors can expose you to privacy and cybersecurity risk, and many organizations are not prepared to address their full vendor ecosystem.

DPSA can help.

At the core is DPSA’s comprehensive Vendor Risk Assessment that collects and tracks critical data for ongoing vendor and third-party risk management and digs into the question of 4th Party risk exposure.

Powered by industry-leading technology, DPSA’s Vendor Risk Assessments are purpose-built for each vendor risk profile and stored centrally to allow for comparison and regular reassessment.

DPSA’s Vendor Risk Advisory team will evaluate the vendor-completed risk assessments for key privacy and security risk factors and compliance metrics, and provide your company with a:

  • Conformity Matrix of all assessment responses, with a cross-reference citing the section of the regulation with the requirement, an analysis of the requirement considering your operations, the current level of compliance, and the estimated risk to the organization.
  • Findings Report with an overview of in-scope privacy laws (e.g., CCPA, CPRA, GDPR, VCDPA) and corresponding vendor / third-party requirements, recommended best practices for managing privacy and security in your third-party and 4th party vendor network, and actionable guidance on how to strengthen your third-party risk management program to ensure all regulatory obligations are met.

The DPSA team’s expertise is augmented by industry-leading technology, ensuring the vendor risk assessment program will scale with your company and keep pace with the changing regulatory landscape.

We offer a broad range of services that can be customized to your needs.

Contact Us Today and we can start you on a path to regulatory compliance.