Are you confident that all of your:​

• Organization’s 3rd party vendors have up-to-date data protection agreements (DPAs)?
• DPAs comply with applicable regulatory requirements/standards?
• 3rd party vendors have privacy programs that meet regulatory standards?

Phase 1: Identification of Potential 3rd Party Vendors

• Review Accounts Payable Information
• Conduct Interviews
• Collect Existing DPAs

Phase 2:  Perform Gap Analysis of Current & Potential 3rd Party Vendors

• Review existing DPAs
• Compare known 3rd party vendors to DPAs identified in phase 1
• Document gaps and identify new DPAs

Phase 3: Update 3rd Party Vendors Inventory

• Update or create master 3rd party vendor inventory based on analysis conducted in phases 1 and 2

Phase 4: Perform Vendor Outreach to Execute DPAs

• Reach out to identified 3rd party vendors to execute DPAs

• Update information for required regulatory data points