TRAC™ is
efficient,
effective,
and easy!
 
1400 N Washington Ave
Suite 103
Madison, SD 57042-1147
605-270-3321
TRAC™ - Third Party Management Back
 

Third Party Selection
 

Document Third Party Information

Each third party's information can be entered and saved under the information tab of TRAC™ 3PM. The third party is also classified based upon the type of product or service being offered, the sensitivity of information, and the importance of their availability to the institution.

Document Third Party Information Click on image to enlarge
Documenting Third Party Information
 

Perform a Cost Benefit Analysis

Cost of a third party is probably the most critical point when selecting a third party. TRAC™ 3PM has an easy and customizable way for users to enter the costs associated with a third party. The product features, advantages, and disadvantages are documented for analysis.

Perform a Cost Benefit Analysis Click on image to enlarge
Performing a Cost Benefit Analysis
 

Reference Review

TRAC™ 3PM allows for an unlimited number of references to be entered for each third party. Some general information is entered for each reference including their asset size and regulatory body. Questions are defaulted to ask each reference when assessing the third party; these questions are customizable as you can delete the default questions and/or add your own set of questions.

Reference Review Click on image to enlarge
Reviewing References
 

Evaluate Third Party Risk

TRAC™ 3PM evaluates the risk of a new product or service by performing a quick risk assessment, utilizing the same process as the TRAC™ Risk Assessment module. Once a user determines an asset type, pre-defined confidentiality, integrity, availability, and volume ratings are determined, along with a pre-defined list of threats and mitigating controls. TRAC™ 3PM allows users to print the list of controls and send this list to the third party to have them identify their own security controls.

Evaluate Third Party Risk Click on image to enlarge
Evaluating Third Party Risk
 

Ask Due Diligence Questions

TRAC™ 3PM contains default due diligence questions to ask a third party. The questions are broken down into several sections and has the option for users to add their own customized questions. The TRAC™ 3PM module allows users to print these questions in a questionnaire format to be sent to the third party.

Ask Due Diligence Questions Click on image to enlarge
Asking Due Diligence Questions
 

Select the Successful Third Party

Each third party needs to be rated on a scale of one to five for each of the four previous areas evaluated: Cost Benefit Analysis, References, Risk Assessment, and Due Diligence. TRAC™ 3PM will compile the scores to drive the selection process. Once the successful third party has been selected, TRAC™ 3PM will ask for final notes on why the successful third party was chosen.

Select the Successful Third Party Click on image to enlarge
Selecting the Successful Third Party
 

Review Contract

Before signing a contract with a third party, TRAC™ 3PM has a list of items to consider to ensure the contract adequately protects the institution. The items are broken down into questions to answer when reviewing the final contract; each institution has the ability to add customized questions.

Review Contract Click on image to enlarge
Reviewing a Contract
 

Document Selection Process

Each selection needs to be adequately documented to verify compliance with the Third Party Management Program. With the push of a button, TRAC™ 3PM will create and store a record of this customized documentation. The documentation will list everything which has been entered for all third parties during the selection process.

Document Selection Process Click on image to enlarge
Documenting the Selection Process