Vendor data due diligence
Transparency and trust are crucial for securing customer data, yet third parties can present another source of risk. EY teams perform contractual reviews and forensic analyses, focusing on a wide range of potential triggers, and can help develop remediation plans.
What EY can do for you
Nearly every day, prominent global companies fall victim to third-party misuse of their customer data, causing financial and reputational damage.
Regulators and consumers alike are increasingly focused on the rights, privileges and associated responsibilities for protecting data. To safeguard the integrity of their customer data, companies need to have well-defined contractual requirements governing the use of data by third parties. They also need to gain transparency into how third parties access, use and store data, as well as their internal control measures, to minimize the risks of data breach and noncompliance.
EY teams have a proven methodology for addressing these concerns:
EY teams begin the initial assessment of third-party data use with insights gathered from third-party due diligence programs and other vendor risk management programs. To investigate areas of potential risk, EY professionals perform contractual reviews, fact-finding interviews, digital forensics, forensic data analytics and other analyses to identify various scenarios of data misuse.
EY teams’ investigations and inquiries focus on a wide range of potential triggers, such as data removal, data transmission, encryption, audit and fourth-party use of data. The inventory of risk triggers is usually determined based on output from third-party due diligence programs and contractual reviews, in collaboration with information gathered from working sessions with relevant stakeholders.
EY professionals also help organizations prepare impact analysis and develop remediation plans based on findings from investigations and forensic analyses. Finally, these reports and analyses drive factual evidence that may be used to prepare for any resulting contract disputes, potential litigations or regulatory inquiries.
Over this process, EY teams also differentiate themselves through their:
- Global reach: EY worldwide resources possess deep experience in forensic investigations and third-party assessments.
- Cost-effective approach: By leveraging existing third-party programs and other vendor risk management programs, EY teams can help save time and cost.
- Forensic approach: EY teams use leading-edge technologies to bring precision and efficiency to investigations.
- Commitment to quality: Regardless of the location, EY engagement teams follow a globally consistent methodology to help deliver high-quality work products.
Our latest thinking
Like what you’ve seen? Get in touch to learn more.