Managing third party and supply chain risk is critical to any organisation. An article by McKinsey highlights how regulators expect organisations to know their third parties. Regulations and legislation such as the European Union General Data Protection Regulation (GDPR), the New York Department of Financial Services (NYDFS) Cybersecurity regulation, and the Notifiable Data Breaches scheme in Australia highlight the importance of effective third party risk management: a breach via a third party or supplier carries the potential not only for reputational damage but also for heavy penalties.
xGRC® TP helps you easily assess your third parties and identify key areas of information security and cyber risk. Traditionally, this process has been manual: sending spreadsheets back and forth and manually reviewing responses.
xGRC® TP makes assessing your third parties easy. Simply send an assessment request and wait for the results. There are two types of assessment: Unverified and Verified.
In an Unverified assessment, the recipient organisation completes the assessment and can upload and comment on any of the controls. Risk scores are generated; however, the responses are not verified. This type of assessment is useful for providing a quick assessment of a potential third party supplier or vendor.
In a Verified assessment, the recipient organisation completes an unverified assessment, and the controls (and their maturity) are then verified. Risk scores are subject to change depending on the verification result. This type of assessment provides the highest level of assurance and is conducted by qualified, experienced audit professionals.
FREE tier includes 2 unverified assessments per month
Professional tier includes 10 unverified assessments per month
Enterprise tier includes unlimited unverified assessments per month
FREE tier includes no verified assessments, but they can be purchased
Professional tier includes 1 verified assessment per month
Enterprise tier includes 5 verified assessments per month
Early Adopter Program (EAP)
We are currently looking for organisations interested in being early adopters of xGRC® TP. As an early adopter, access to the platform is free*. Upon conclusion of the EAP, a lifetime discount will be applied to any of the paid xGRC® TP platform products. Contact us at firstname.lastname@example.org if you’re interested in participating in the EAP.
McKinsey, 2013. Managing when vendor and supplier risk becomes your own. From: https://www.mckinsey.com/business-functions/risk/our-insights/managing-when-vendor-and-supplier-risk-becomes-your-own
*The EAP includes free unverified assessments. Verified assessments are discounted by 50%.