Form Relationships with Confidence


TRUSTe’s Service Provider Evaluation (SPE) service provides your company with an independent check of service provider data management and privacy practices, confirmation of certifications and trust marks, details of service provider site reputations, and information about the safety of websites linked to by your users. Regulators have made it clear that buyers of outsourced services remain responsible for the data, must perform regular audits and must not rely solely on legal agreements.

Multiple regulations require management of third party risks such as:

  • FDIC (FIL 20-2008, FIL 44-2008)
  • FISMA (Federal Information Security Management Act)
  • GLBA (Gramm-Leach Bliley Act)
  • FACTA – Red Flags Rule
  • Sarbanes-Oxley (Section 302 & 404)
  • NCUA Regulations (12 CFR Part 748.0)
  • HIPAA (Health Insurance Portability & Accountability Act)
  • PCI Standard (Visa, MasterCard, Discover, American Express, JCB)
  • State Breach Laws

SPE allows companies to:

  • Minimize partner-vetting costs and streamline processes
  • Reduce organizational risk
  • Make informed decisions faster
  • Protect brand and site reputation
  • Avoid placement of excessive controls for service providers
  • Provide tighter assurance of trust to their customers

Save costs and make better decisions:

  • Reveals online and offline data management practices
  • Identifies all third parties operating on your site and their online relationship
  • Verifies and assesses strength of privacy practices against recognized best practices and/or laws
  • Validates site reputation thereby protecting company reputation
  • Confirms validity of security certifications and trust marks
  • Scans for malicious content and tracking technologies on service provider sites to protect user information
  • Builds and maintains a database of common service providers to help with rapid decision making

Click
Example SPE dashboard
If the dashboard shows an issue, you will be provided with details of the findings.


SPE Reporting Features and Benefits

  • Check third party data management and privacy practices to ensure that they are taking reasonable care of company information and that their practices are consistent with yours
  • Review for validity of appropriate certifications and trust marks on service provider sites
  • Check service provider reputation to ensure that their brand positively reflects on yours
  • Ensure that if your users are directed to the service providers’ sites, they are not infected due to malicious content on these sites
  • Identify areas where additional/changed processes and controls are appropriate
  • Analysis can be performed for any service provider

SPE is available as a beta module of TRUSTe’s well-regarded TRUSTed Websites program.

If you are a service provider that would like to be part of TRUSTe’s Service Provider database contact us at ServiceProviders@TRUSTe.com


Find out more about the TRUSTe Service Provider Evaluation service

» Contact a TRUSTe representative today
» Download the program brief

CONTACT US

TRUSTe Program Requirements

Learn what it takes to earn the TRUSTe seal of approval

Follow Us

About Truste

TRUSTe is the leading global Data Privacy Management (DPM) company and powers trust in the data economy by enabling businesses to safely collect and use customer data across web, mobile, cloud and advertising channels. Our cloud-based Data Privacy Management Platform delivers innovative technology products, including website monitoring and advertising compliance controls - along with privacy assessments and certifications. More than 5,000 companies worldwide rely on our DPM platform and globally recognized Certified Privacy Seal to protect / enhance their brand, drive user engagement and minimize compliance risk.