We’ve just launched and uploaded new versions of the Third Party Security Assessment (TPSA).
The TPSA is a self-assessment tool designed by the Governance, Risk and Compliance (GRC) Team to ensure appropriate due diligence and risk management of proposed third-party suppliers who will be storing and processing University information.
Based on feedback on the previous version, we set a number of goals: a risk-based approach, an assessment that is easier to understand, less administrative overhead, clear responsibilities and a well-defined process. Our aspiration is to make it easy enough to use that people can carry out assessments independently.
We encourage you to use the updated spreadsheet and associated documentation when you next run a procurement exercise (Version 7.7).
We’ll be running workshops – possibly in a webinar format – so watch this space!
You’ll find on our pages:
• A standard operating procedure, as well as high-level and low-level process diagrams, to walk you through the process step by step.
• Within the assessment itself, updated tabs to make it clearer who is responsible for each section and a revamped dashboard giving you a clear calculation of risk as well as items of note linked to the assets involved.
• A register of the suppliers for which we’ve completed assessments. There are currently some gaps, but the register will become more complete as we update and review old assessments, making it easier to search for the services you need.
It is still early days, so we’d appreciate your feedback and ask that you send all completed assessments for review. If you have any queries, feel free to get in contact with us (grc@infosec.ox.ac.uk).