The Business System, Asset and Third-Party Assessment Template is designed to be completed when new software vendors (Third Parties) are being on-boarded within the organisation. The assessment can be completed before the third party/software is procured, so that security and privacy risks are reviewed and addressed at this stage. The status of the Third Party, and of the related Business Systems and Assets, can be set to Planned. Optional Controls/Evidence can be added for the Assets and Third Party at this stage if required.
The assessment is designed to be completed internally by the Information Security or Data Protection departments; however, if required, it can be targeted to the relevant department procuring the software, or externally to Third Parties, for completion.
Once the assessment has been completed, the Business System, Third Party and Asset(s) will populate into the relevant registers, and the records will be linked together. The Program/Assessment Reviewer will also receive a notification to review and approve the assessment.
Note: This base template is available for use ‘out of the box’; however, you have the option of customising the assessment questions, updating guidance, and adding any extra questions to ensure all of your organisational requirements are met.
Please see below for an overview of the 3 registers that are used in this assessment.