Third Party Assurance Services

Services Security & Compliance 3rd Party Security Assurance

3rd Party Security Assurance

Outsourcing is a feature of modern business with many companies choosing to engage specialist third parties to provide services on an outsourced basis using skills or solutions that they do not have in-house.

With the ever increasing trend toward 'outsourcing' and the use of third parties to manage and process data, there is a very tangible need to manage the risk associated with these arrangements.

There is a heightened focus on the need for effective oversight of the risks associated with outsourcing and our third-party assurance service line is designed to provide companies with such assurance.

We provide third party assurance services to a wide range of clients across a number of sectors including banking, IT, asset management and insurance. Obtaining a SOC (Service Organization's System Controls) report is a value add and credible solution to the management and oversight of your third party providers and their respective risk and control environments.

These reports can take the form of SOC 1, 2 or 3 report or alternatively a tailored attestation report:

Companies that specialize in managing outsourced processes are generally required to provide assurance to their clients in the form of a third-party assurance certification such as SOC 1, ISAE 3402 or SOC 2. Such assurance is often required in order to attract new customers or retain existing clients.

VST provide a full suite of third party assurance services to clients across the following third-party assurance standards:

SOC 1 and ISAE 3402: An assurance report that focuses on a service organization's system of internal controls that are relevant to the internal controls over financial reporting.
SOC 2 (and SOC 2+): An assurance report that focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
SOC for Cybersecurity: An assurance report that focuses on an organizations' enterprise-wide cybersecurity risk management program.
Agreed Upon Procedures(AUP): an audit on a specific test or business process.

In relation to these standards we provide:

Readiness assessment: performance of testing to identify gaps between existing controls and those required to obtain an unqualified audit report.
Planning services: assistance with scoping and preparing the documentation required for a third-party assurance audit.
Audit services: performance of a SOC 1, SOC 2, ISAE 3402, SOC for Cyber or AUP audit.

We are trained and Certified Third Party Risk Professional (CTPRP). That is by the Shared Assessment Organization. We will develop and put in place a comprehensive Vendor Risk Management Program. That will be a significant part of the organization's security governance. And it will mitigate security risks caused by vendors.

Our TPSP Engagement Process

The program includes the following oversight components:

Program governance
The setting of policies, standards, and procedures
Contract security review
Vendor risk identification and analysis
Creation of company security tools. Along with metrics to measure and analyze ongoing company vendor management
Continuous and ongoing monitoring and review of company vendor management efficiencies

Why Choose VST

VST performs all of its SOC engagements in accordance with the relevant professional assurance standards – i.e. ISAE 3402 or SSAE 18 (previously SSAE 16). Our clients attest that they derive tangible benefits from engaging a SOC assurance review and report annually. The ultimate benefit being one of protecting and enhancing the value of their business by:

achieving competitive advantage in the marketplace in having this control oversight mechanism in place;

adding weight to their business proposition and risk management capabilities in tendering for new business;

providing assurance to existing clients to support and protect their business relationship;

enhancing reputational credibility as an outsourced service provider in the market place;

achieving operational efficiency by reducing management time spent answering client and/or auditor queries;

supporting the proactive management of their control environment via identification and remediation of risk/ control matters raised in the SOC report itself; and

satisfying assurance requirements of other parties – such as Board of Directors/banks/regulators.

Privacy Overview

We use cookies and other tracking technologies to ensure that we give you the best experience on our website, analyse your use of our products and services, assist with our promotional and marketing efforts, and provide content from third parties. More info

Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work then.

Cookies used:

Name	Provider	Purpose	Expiry	Type
_GRECAPTCHA	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	179 days	HTTP
rc::a	Google	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.	Persistent	HTML
rc::b	Google	This cookie is used to distinguish between humans and bots.	Session	HTML
rc::c	Google	This cookie is used to distinguish between humans and bots.	Session	HTML
__cfruid [x4]	info.atempo.com vstinc.com Zendesk	This cookie is a part of the services provided by Cloudflare - Including load-balancing, deliverance of website content and serving DNS connection for website operators.	Session	HTTP
__cfduid	vstinc.com	Used by the content network, Cloudflare, to identify trusted web traffic.	29 days	HTTP

Preferences Cookies

These cookies allow the provision of enhance functionality and personalization, such as videos, live chats and your preferred language. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these functionalities may not function properly.

Cookies used:

Name	Provider	Purpose	Expiry	Type
loglevel	Wistia	Maintains settings and outputs when using the Developer Tools Console on current session.	Persistent	HTML

Statistics Cookies

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is anonymous. If you do not allow these cookies, we will not know when you have visited our site.

Cookies used:

Name	Provider	Purpose	Expiry	Type
seg	Appnexus	Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.	Session	Pixel
_ga [x2]	Giphy Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years	HTTP
_gat [x2]	Giphy Google Tag Manager	Used by Google Analytics to throttle request rate	1 day	HTTP
_gid [x2]	Giphy Google	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	1 day	HTTP
collect	Google	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session	Pixel
__hssc	Google Tag Manager	Identifies if the cookie data needs to be updated in the visitor's browser.	1 day	HTTP
__hssrc	Google Tag Manager	Used to recognise the visitor's browser upon reentry on the website.	Session	HTTP
__hstc	Google Tag Manager	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	1 year	HTTP
_ga_#	Google Tag Manager	Used by Google Analytics to collect data on the number of times a user has visited the website as well as dates for the first and most recent visit.	2 years	HTTP
hubspotutk	Google Tag Manager	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	1 year	HTTP

Marketing Cookies

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

Cookies used:

Name	Provider	Purpose	Expiry	Type
anj	Appnexus	Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.	3 months	HTTP
px	Appnexus	Registers anonymised user data, such as IP address, geographical location, visited websites, and what ads the user has clicked, with the purpose of optimising ad display based on the user's movement on websites that use the same ad network.	Session	Pixel
uuid2	Appnexus	Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.	3 months	HTTP
ga_clientId	Brighttalk	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Persistent	HTML
pagead/landing	Google	Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement.	Session	Pixel
tr	Facebook	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	Session	Pixel
ads/ga-audiences	Google	Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites.	Session	Pixel
i/jot	Twitter Inc.	Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers.	Session	Pixel
_an_uid	Google Tag Manager	Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.	6 days	HTTP
_fbp	Google Tag Manager	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.	3 months	HTTP
_gac_UA-#	Google	Stores information about ad campaigns from Google Adwords to show targeted ads to the visitor.	3 months	HTTP
_gcl_au	Google Tag Manager	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services.	3 months	HTTP
_gcl_aw	Google Tag Manager	Used to measure the efficiency of the website’s advertisement efforts, by collecting data on the conversion rate of the website’s ads across multiple websites.	3 months	HTTP
_gd_session	Google Tag Manager	Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.	1 day	HTTP
_gd_svisitor	Google Tag Manager	Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.	2 years	HTTP
_gd_visitor	Google Tag Manager	Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.	2 years	HTTP

Unclassified Cookies

These cookies are necessary to display content from social networks such as facebook, twitter, pinterest, etc. In such a way that you can share our content with your favorite social networks.

Cookies used:

Name	Provider	Purpose	Expiry	Type
_wchtbl_do_not_process	Google Tag Manager	Pending	1 day	HTTP
_wchtbl_pixel_sync	Google Tag Manager	Pending	1 day	HTTP
_wchtbl_sid	Google Tag Manager	Pending	Session	HTTP
_wchtbl_uid	Google Tag Manager	Pending	1 year	HTTP
dpm_time_site	Google Tag Manager	Pending	Session	HTTP
dpm_url_count	Google Tag Manager	Pending	Session	HTTP
hasLiveRampMatch	Google Tag Manager	Pending	Session	HTTP

Let's talk about your next big project.

3rd Party Security Assurance

3rd Party Security Assurance

VST provide a full suite of third party assurance services to clients across the following third-party assurance standards:

In relation to these standards we provide:

Our TPSP Engagement Process

The program includes the following oversight components:

Why Choose VST

If you would like to know more about our Third Party Assurance service offerings please

Let's talk about your next big project.

3rd Party Security Assurance

3rd Party Security Assurance

VST provide a full suite of third party assurance services to clients across the following third-party assurance standards:

In relation to these standards we provide:

Our TPSP Engagement Process

The program includes the following oversight components:

Why Choose VST

If you would like to know more about our Third Party Assurance service offerings please

Cookie Settings Center

Privacy Overview

Necessary Cookies

Cookies used:

Preferences Cookies

Cookies used:

Statistics Cookies

Cookies used:

Marketing Cookies

Cookies used:

Unclassified Cookies

Cookies used: