3PAS assessments are derived from a variety of globally recognized frameworks, including ISO 27001/2, HIPAA/HITECH, PCI, FISMA/NIST, and CSA/CCM. These frameworks are used to create models for the assessments, which may also include sets of questions that focus on areas of particular interest to the customer requesting the assessment.
Simple to use and easy to administer, the 3PAS assessment process begins by registering and screening all suppliers in our customer's supply chain to determine, based upon criteria provided by our customer, which ones should complete a comprehensive risk assessment.
Vendors flagged as non-critical are thanked for their participation and directed to provide the credentials requested by our customer to satisfy various contractual requirements. Critical vendors are directed to a risk assessment based upon industry and regulatory frameworks.
Vendor risk assessments are valid for one calendar year. Assessment models are continually updated to ensure that they remain in sync with the frameworks that support them. 3PAS encourages vendors to continually improve their risk posture and to retake their risk assessment as risk controls are strengthened throughout the year. Customers are notified whenever risk scores improve and supporting evidence is available for review.