Below are some frequently asked questions regarding Third Party Legal agreements.
Q: What is ProcessUnity GRX?
A: ProcessUnity GRX is an exchange platform for Third-Party Cybersecurity Risk Management that allows both vendors and customers to more efficiently and effectively manage the risk associated with their Third Party ecosystem.
Q: How does the ProcessUnity GRX process work?
A: Through ProcessUnity GRX’s SaaS platform, customers receive data and analytics on their vendor security ecosystem. In the event a customer is interested in performing a deeper dive on a particular third-party vendor, it is able to request an assessment of that company. A third-party is then asked, through the GRX’s customer service team, to complete the “ProcessUnity GRX Assessment Process” by completing a risk assessment questionnaire through the GRX platform. ProcessUnity GRX takes the answers to the questionnaire, runs that answer set through its proprietary process, and prepares a report on the third-party for the mutual customer. The third-party must expressly authorize the GRX to release its assessment to the requesting customer. The GRX platform allows the customer to securely access the GRX assessments of its selected third-party vendors, while at the same time being able to more effectively digest and manage the data security information. Further adding to the effectiveness of the GRX product offering is the ability for third-party vendors to update their information on their assessment periodically, and the ability to build on the initial assessment rather than completing a new assessment each year.
Q: How does ProcessUnity GRX make the process more efficient for vendors?
A: Once a third-party completes a ProcessUnity GRX assessment, the answers and the resulting assessment remain available to share via the GRX exchange with other customers proactively, or for the third-party vendor to respond to individual customer requests. This reduces the burden on security professionals who are completing numerous risk assessments for multiple customers and allows them to complete one assessment and share it many times.
Q: What happens to my data after I answer the questionnaire?
A: Upon logging in to the GRX platform, and prior to answering our questionnaire, you will be met with our Third Party Profile Agreement, or “TPPA” for short. Among other things, the TPPA allows ProcessUnity GRX to use the answers you provide to our questionnaire in order to prepare the assessment, share it with the customers you authorize us to share it with, and ultimately store the assessment on our platform in order to allow you to respond to other security audits from other mutual customers.
Q: How do you protect the privacy of my data?
A: With respect to customers accessing your assessment, you have the right to authorize and deauthorize a customer at any time through the platform, for any reason. With respect to general data security, ProcessUnity GRX maintains appropriate technical and organizational security measures to protect against accidental or unlawful destruction or accidental loss, damage, alteration, or unauthorized disclosure of confidential information. Please contact us if you would like further information about our security.
Q: What if my legal department has questions or concerns about the content of the TPPA?
A: If your legal department has questions or concerns with the TPPA, please indicate this in your correspondence with the assigned Assessment Coordinator and they will coordinate with our other internal teams as necessary to provide a response. As referenced above, ProcessUnity GRX operates an exchange where assessment information may be shared with more than one (mutual) customer. As a result, ProcessUnity GRX needs the ability to use the answers you provide on our questionnaire to prepare our assessment as well as the data and analytics we provide our customers in our product.
Q: What if my legal department requires an NDA to be signed?
A: While we understand that an NDA may be a part of your company’s standard process, the terms and conditions of our TPPA will need to govern our contractual relationship in order for you to participate in the GRX assessment process. ProcessUnity GRX’s exchange model is predicated on our ability to share your assessment with your authorized customers instead of prohibiting disclosure, which is the purpose of an NDA. The TPPA contains confidentiality and non-disclosure provisions that protect your data, but within the framework of our exchange model. We advise your legal department to review our TPPA first, and if they have questions, to please ask the assigned Assessment Coordinator to coordinate our response to any questions they may have instead of sending us your NDA.
Q: Will my legal department be able to review the questions and/or answers to the questionnaire before the assessment is submitted?
A: Yes. There is a section on the Assessment Dashboard called ‘Review and Submit’ that lists all of the questions and answers provided. This section is accessible at any point during the assessment process. You can add a legal representative as a user on your account with view permissions to review that data prior to submitting the assessment.
Q: Will my IT Security department be able to review the assessment results before it’s shared with the requesting customer?
A: Yes, after the assessment is submitted you have the option to review your results before sharing with your customer(s). Your customer(s) will not have access to your assessment data and scores or to your ProcessUnity GRX Report until you authorize their request.