Resources
Case Studies
Third-party Assurance Assessments for US-based Consumer Credit Reporting Agency

Third-party Assurance Assessments for US-based Consumer Credit Reporting Agency

The client

A US-based Consumer Credit Reporting Agency providing credit reporting services to individuals and businesses worldwide

The work

Performing on-site third-party assurance assessments, completing bespoke evaluation questionnaires and documenting the third-party environment. Once assessed, summary reports were created for each third-party site including overview, observations/findings and recommendations for improvement, before being delivered to the client.

How we helped

We undertook a full review of the services provided to the client, the supplier’s business environment, ownership, number of staff, and any regulatory or legal requirements the business was subject to. This was followed by a review of all information security policies, documentation and records. The review assessed the content, suitability and evidence that the third party’s policies and procedures were being adhered to by staff, suppliers and other stakeholders. Where necessary, this also included visual inspections of physical security. Using the clients’ proprietary methodology, any identified gaps in policies or operational procedures were scored, including recommendations for any required improvements. Our findings were then presented in the client’s own report template, including a validated data flow diagram and further commercial context on the third-party assessment.

Value added

By preparing an objective report on the third party’s control environment, which identified weaknesses and risks, the client was better able to focus their risk treatment resources.

Industry and sector:

Financial Services

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do. "

Getac Technology Corp, Legal Affairs Center

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer

Discover how we have supported businesses like yours >>