The client
A US-based Consumer Credit Reporting Agency providing credit reporting services to individuals and businesses worldwide
The work
Performing on-site third-party assurance assessments, completing bespoke evaluation questionnaires and documenting the third-party environment. Once assessed, summary reports were created for each third-party site including overview, observations/findings and recommendations for improvement, before being delivered to the client.
How we helped
We undertook a full review of the services provided to the client, the supplier’s business environment, ownership, number of staff, and any regulatory or legal requirements the business was subject to.
This was followed by a review of all information security policies, documentation and records. The review assessed the content, suitability and evidence that the third party’s policies and procedures were being adhered to by staff, suppliers and other stakeholders. Where necessary, this also included visual inspections of physical security.
Using the clients’ proprietary methodology, any identified gaps in policies or operational procedures were scored, including recommendations for any required improvements. Our findings were then presented in the client’s own report template, including a validated data flow diagram and further commercial context on the third-party assessment.
Value added
By preparing an objective report on the third
party’s control environment, which identified
weaknesses and risks, the client was better able
to focus their risk treatment resources.