Third party security assessment

The Information Security Team can support your division, department or faculty to identify and mitigate risks associated with using third-party services and suppliers who process University data. Whether it’s a new or existing relationship, the results of an assessment will better prepare you to make the right decisions about how to manage your suppliers.

What we offer

The Third Party Security Assessment (TPSA) is a due diligence activity to gain a level of assurance with the overall security of our suppliers.

It can be treated as part of the procurement process or carried out with existing suppliers. It involves sending the supplier a list of security-related questions about their control environment, and uses the expertise of the Information Security Team to assess the responses.

Benefits for you

  • Gain active assurance that suppliers are protecting your data
  • Reduce the risk of information security incidents
  • Make managers more aware of the supplier risks to your data
  • Standardised assessment methods ensure a consistent approach to measuring supplier risk
  • Compliance with legal and policy requirements
  • Enable informed decision making when selecting new suppliers

How it works

The service is available to all parts of the collegiate university. The service includes:

  • Assistance with determining the level of risk based on the nature and volume of the data involved
  • Assessing the security controls and contractual arrangements of the supplier to determine if they are fit for purpose
  • Providing advice, assistance and support when dealing with supplier queries and negotiations
  • Making recommendations to help you decide whether the supplier’s security is sufficiently mature

What you need to do

Firstly, take a look at our Working with third parties page for further guidance.

Then if you are interested in this service, please send a completed version of the TPSA questionnaire to grc@infosec.ox.ac.uk or contact us in advance if you have any queries.