The ProcessUnity Global Risk Exchange (GRX) Assessment is designed to deliver maximum value to our Customers and their Third Parties. Here is an overview of the assessment process.
POPULATION
Customers add third parties to their ProcessUnity GRX portfolio with the help of our risk professionals. Immediately, these Customers gain insights on potential risk and business exposure through our Predicted Risk Profiles.
REGISTRATION
A Customer requests an assessment from a Third Party in their portfolio. The request arrives in the form of a registration email inviting the third party to join the GRX platform. Upon registering, the Third Party can immediately begin the questionnaire in the GRX platform.
ATTESTATION
The breadth of the GRX Assessment is driven by the level of assurance required by the Customer, and this can be broken down into two categories: NON-VALIDATED or VALIDATED. In either case, Third Parties must formally attest to the accuracy of their answers. The primary Third Party user can add additional users from their organization to assist with the assessment exercise.
To note, Third Parties must complete their ProcessUnity GRX assessment at the enterprise level - it cannot be scoped to the requesting customer or any individual business unit, product line, system or division.
VALIDATION
For VALIDATED ASSESSMENTS (Tier 2 Validated or Tier 1), Third Parties must provide evidence in addition to completing the questionnaire. To do this, they upload artifacts directly to our secure portal where our team will review and verify. Validated controls are selected based on criteria such as answer strength, industry risks, inherent risks and contemporary vulnerabilities. Please see our Evidence Validation Guide for more details.
AUTHORIZATION
Third Parties have sole ownership over their assessment data. As such, in order for a Customer to gain access, they must take the formal step of authorizing access. Once this action has been taken - assuming the questionnaire is fully attested and validation has been completed for that level of assessment - the final report is generated for the Customer to view in the GRX Portal.
ADDITIONAL SHARING
If additional ProcessUnity GRX customers have the same Third Party in their portfolio, those Customers can see that a completed assessment exists - but they would need to send their own authorization request in order to gain access. Third Parties can authorize their completed assessment to any and all requesting the GRX Customers, and they can also freely share it with non-requesting Customers of their own. Third Parties can also revoke access at any time, to any Customer.
Comments
0 comments
Please sign in to leave a comment.