Third Party Vendor Inventory

Third Party Vendor Inventory

Third Party Vendor Inventory

Do you have a complete and comprehensive 3rd party vendor inventory that meets the regulatory requirements (format and data expectations) and can be produced within the required timeframe/window?

Are you confident that all of your:​

• Organization’s 3rd party vendors have up-to-date data protection agreements (DPAs)?
• DPAs comply with applicable regulatory requirements/standards?
• 3rd party vendors have privacy programs that meet regulatory standards?

 

Phase 1: Identification of Potential 3rd Party Vendors

• Review Accounts Payable Information
• Conduct Interviews
• Collect Existing DPAs

 

Phase 2:  Perform Gap Analysis of Current & Potential 3rd Party Vendors

• Review existing DPAs
• Compare known 3rd party vendors to DPAs identified in phase 1
• Document gaps and identify new DPAs

 

Phase 3: Update 3rd Party Vendors Inventory

• Update or create master 3rd party vendor inventory based on analysis conducted in phases 1 and 2

 

Phase 4: Perform Vendor Outreach to Execute DPAs

• Reach out to identified 3rd party vendors to execute DPAs

• Update information for required regulatory data points