GDPR Vendor Risk Management Assessments
Tacita are proud to announce the launch of our latest product – our Vendor Risk Management (VRM) Assessment.
Since our inception, Tacita has helped businesses of all-sizes to assess and improve their GDPR compliance. As we kept discovering however, many of our Clients were being put at risk by their third-party data processors. When you transfer personal data you control (such as that of your customers and/or employees) to a third-party to process, you are still liable for any damages that may stem from their actions – such as a data breach.
What Tacita found was that many Third-parties are putting their clients at risk through their poor GDPR-compliance and data privacy activities.
We wanted to help with this.
What does it do?
Tacita’s VRM service provides a view of both your top-down overall risk as well as the more granular risk of each Third party you choose to assess. Our unique process allows our Clients to identify problematic third-parties and assess the exact GDPR risks facing their organisation from their business partners.
Our process is simple:
1. You provide a list of the Third Parties that you want us to assess and inform them of the upcoming audit
2. Tacita provides each Third Party with an assessment questionnaire
3. Tacita collects the Assessments and scores them
4. An overall report is generated for you detailing our findings
All of this is achieved within a two-to-three week time frame.
But we don’t want to leave you with just problems.
Following the publication of the report, your problematic Third Parties can contact Tacita to discuss how to resolve the identified issues. Tacita’s Compliance Achievement Pack (CAP) provides your Third Parties with all the tools they require to protect your personal data and mitigate the identified risks. This pack would be purchased by the Third Party and contains industry leading GDPR documentation and specific instructions to rectify each identified issue that is putting your business at risk.
Who is it for?
No man is an island, and no business is either.
Almost all businesses are sending personal data they control to third parties to process; be it outsourced HR/payroll, third-party marketing agencies, or cloud platform providers. As such we have built our VRM service for any businesses who want to identify and assess the GDPR threat that their Third Parties pose. Although our service is standardized for any and all businesses, it provides unique results specifically tailored to the needs of your business.
Worried about that Third Party marketing agency? Tacita can check them for you.
Or you’re about to sign a major contract with a new supplier? Tacita can provide your GDPR due diligence for you.
What does it cost?
So how much does this cost? To completely assess your third party risk - £96 per Third Party.
We believe that GDPR compliance is part of good business management. As such businesses of all sizes and sectors shouldn’t be priced out of it or have to prioritise other projects.
Equally, we believe that compliance shouldn’t disrupt your day-to-day business activities. Our VRM assessment service only uses the minimum required time from you and your business. At most, this will be time compiling the list of your third parties and informing them of the upcoming assessment. After this set-up, Tacita will undertake our assessment process as you sit-back and wait for the results.
Third Party risk management made affordable, comprehensive, and Time-effective.