Form Relationships with Confidence

TRUSTe’s Service Provider Evaluation (SPE) service provides your company with an independent check of service provider data management and privacy practices, confirmation of certifications and trust marks, details of service provider site reputations, and information about the safety of websites linked to by your users. Regulators have made it clear that buyers of outsourced services remain responsible for the data, must perform regular audits and must not rely solely on legal agreements.

Multiple regulations require management of third party risks such as:

  • FDIC (FIL 20-2008, FIL 44-2008)
  • FISMA (Federal Information Security Management Act)
  • GLBA (Gramm-Leach Bliley Act)
  • FACTA – Red Flags Rule
  • Sarbanes-Oxley (Section 302 & 404)
  • NCUA Regulations (12 CFR Part 748.0)
  • HIPAA (Health Insurance Portability & Accountability Act)
  • PCI Standard (Visa, MasterCard, Discover, American Express, JCB)
  • State Breach Laws

SPE allows companies to:

  • Minimize partner-vetting costs and streamline processes
  • Reduce organizational risk
  • Make informed decisions faster
  • Protect brand and site reputation
  • Avoid placement of excessive controls for service providers
  • Provide tighter assurance of trust to their customers

Save costs and make better decisions:

  • Reveals online and offline data management practices
  • Identifies all third parties operating on your site and their online relationship
  • Verifies and assesses strength of privacy practices against recognized best practices and/or laws
  • Validates site reputation thereby protecting company reputation
  • Confirms validity of security certifications and trust marks
  • Scans for malicious content and tracking technologies on service provider sites to protect user information
  • Builds and maintains a database of common service providers to help with rapid decision making

Example SPE dashboard
If the dashboard shows an issue, you will be provided with details of the findings.

SPE Reporting Features and Benefits

  • Check third party data management and privacy practices to ensure that they are taking reasonable care of company information and that their practices are consistent with yours
  • Review for validity of appropriate certifications and trust marks on service provider sites
  • Check service provider reputation to ensure that their brand positively reflects on yours
  • Ensure that if your users are directed to the service providers’ sites, they are not infected due to malicious content on these sites
  • Identify areas where additional/changed processes and controls are appropriate
  • Analysis can be performed for any service provider

SPE is available as a beta module of TRUSTe’s well-regarded TRUSTed Websites program.

If you are a service provider that would like to be part of TRUSTe’s Service Provider database contact us at

Find out more about the TRUSTe Service Provider Evaluation service

» Contact a TRUSTe representative today
» Download the program brief

TRUSTe Program Requirements

Learn what it takes to earn the TRUSTe seal of approval

Follow Us

About Truste

TRUSTe is the leading global Data Privacy Management (DPM) company and powers trust in the data economy by enabling businesses to safely collect and use customer data across their customer, employee, and vendor channels. Our SaaS-based DPM Platform gives users control over all phases of data privacy management from conducting assessments and implementing compliance controls to managing ongoing monitoring. Our DPM Services, including assessments and certifications, are delivered by an expert team of privacy professionals. Thousands of companies worldwide rely on TRUSTe to minimize compliance risk and protect their brand.