Routine assessment of third-party data protection is now a regulatory obligation.

Your third-party service providers can be weak links exposing your company to data breaches and privacy violations.


    In fact, in as many as 50% of breaches, access through a third party is the entry mechanism for cybercriminals.


    Notably, only 6% of respondents to the ACC Foundations: The State of Cybersecurity Report say they have the highest degree of confidence that their third-party vendors protect them from cybersecurity risks.

Are you conducting diligence on EVERY THIRD PARTY that has access to your systems or data?

The increase in third parties processing regulated data and the surge in third-party data protection violations and breaches mean third-party risk assessments should be a top priority for general counsel.

Consider these questions

  • Do you assess all third-party service providers?

  • Are your assessments conducted using spreadsheets?

  • Can you demonstrate effective compliance?

  • Are you meeting your regulatory obligations?

Meet Your Regulatory Obligations Effectively

ACC Vendor Risk Service is the only solution that quickly identifies which third parties require comprehensive assessment according to key regulations like the GDPR, 23 NYCRR 500, FARs, and others.

With this robust platform, you'll...

  • Understand the nature of your relationships with third parties, so you can ensure you conduct appropriate and ongoing diligence.
  • Quickly identify where vendors exceed risk thresholds and which regulations they are subject to, like the GDPR, FAR and more.
  • Gather the reporting necessary to conduct effective privacy impact assessments on third parties, as necessary.
  • Gain insights necessary to work with your IT team on appropriate remediation steps.
  • Develop exceptional documentation to demonstrate your ongoing diligence efforts.
  • Profile each vendor and gain information needed to inform your contracts.



    Leverage powerful technology to expand the reach and effectiveness of your third-party due diligence efforts.

    All our survey standards are based on recognized cyber security standards and designed for fast, accurate responses from your vendors.

    Incorporate the Law Firm Survey standard (based on the ACC Model Controls) to help identify some of your most pressing risks.

    Your largest third parties are not your greatest risk. Use the Vendor Risk Profile standard to assess your presumed "low risk" vendors.




    World-class question sets based on recognized and reasonable frameworks.


    Effective insights and reporting to identify risks and avoid unnecessary incidents.


    Fully-automated distribution, reminders and reporting.


    Vendors can distribute question sets to internal experts for more accurate and rapid responses.


    Flexibility to modify surveys to meet your specific needs.


    Documented processes to support your practices when an incident happens.


    Preset surveys based on recognized international frameworks.


    Preset heat mapping to help streamline your vendor review process.


    Support from our professional services team.

Built on Globally Recognized Frameworks and Standards


    For the ACC Vendor Risk Service, recognized frameworks and models have been adapted. The three assessment standards can be easily modified.


    The Comprehensive Risk Standard builds directly on the NIST Cybersecurity Framework and SP 800-171 standards as well as the intentions of the EU General Data Protection Regulation and other domestic and international requirements.