Third Party Vendor Inventory

Third Party Vendor Inventory

Do you have a complete and comprehensive 3rd party vendor inventory that meets the regulatory requirements (format and data expectations) and can be produced within the required timeframe/window?

Are you confident that all of your:​

  • Organization’s 3rd party vendors have up-to-date data protection agreements (DPAs)?
  • DPAs comply with applicable regulatory requirements/standards?
  • 3rd party vendors have privacy programs that meet regulatory standards?


Phase 1: Identification of Potential 3rd Party Vendors

  • Review Accounts Payable Information
  • Conduct Interviews
  • Collect Existing DPAs


Phase 2:  Perform Gap Analysis of Current & Potential 3rd Party Vendors

  • Review existing DPAs
  • Compare known 3rd party vendors to DPAs identified in phase 1
  • Document gaps and identify new DPAs


Phase 3: Update 3rd Party Vendors Inventory

  • Update or create master 3rd party vendor inventory based on analysis conducted in phases 1 and 2


Phase 4: Perform Vendor Outreach to Execute DPAs

  • Reach out to identified 3rd party vendors to execute DPAs
  • Update information for required regulatory data points