The three Tiers of assessment differ in both levels of due diligence, as well as validation of evidence.
Tier 1: Our most comprehensive assessment addresses high-risk third parties or vendors who handle extremely sensitive customer data. Includes a long-form vendor questionnaire, followed by a professionally assessed evidence review to validate control maturity and effectiveness.
Tier 2: Our mid-tier assessment is structured for medium-risk third parties. An abbreviated third-party questionnaire is followed by automated validation through a rules engine based on proprietary algorithms to identify inconsistencies in the assessment responses.
Tier 3: Our basic assessment, designed for low-risk third parties, includes a short-form third-party questionnaire followed by self-attestation.