Skip to main content
Assessment methodology led by industry experts trusight solutions

Our Assessment Methodology

Led by Industry Experts

A comprehensive methodology built and continuously updated by industry experts.

TruSight products combine a robust assessment built to a best-practices standard with close industry partnerships.

How it works

A Single, Standardized Questionnaire

The foundation of TruSight’s assessment methodology is the TruSight Best Practices Questionnaire (“BPQ”), a single, standardized questionnaire created by TruSight’s founding banks, and updated in partnership with TruSight’s customers, to eliminate redundant assessments across the industry. The TruSight BPQ’s 27 diversified control domains are designed to meet the industry’s assessment needs across the information and cyber security, privacy, business resiliency and other operational risk domain categories.

TruSight’s scalable product suite allows customers to choose the appropriate risk intelligence depth based on their internal risk policies and appetite for a particular supplier:

Feature set 1

Verified Best Practices Questionnaire (VBPQ)

TruSight gathers and verifies the third party’s responses to our control-based questions, confirming that any responses or artifacts provided by the third party align to each question and its attributes.

Feature set 2

Our Standard Assessment

TruSight conducts a remote assessment of the third party’s control environment to validate the design and implementation of controls according to the BPQ’s requirements. The Standard Assessment includes baseline validation procedures across the 27 TruSight control domains. Standard Assessment validation procedures include structured inquiries, policy and procedure inspection, and example-of-one validation.

Feature set 3

Our Comprehensive Assessment

TruSight conducts an onsite assessment of the third party’s control environment to validate the design and implementation of controls according to the BPQ’s requirements. The Comprehensive Assessment increases focus and professional scrutiny on locational physical and environmental security, cyber security program implementation, privacy, and corporate resiliency controls. Comprehensive Assessment validation procedures include structured inquiries, policy and procedure inspection, example-of-one validation, onsite dynamic control observations and validation.

Trusight solutions customer advisory board

Meet the Industry Experts

Learn more about our Customer Advisory Board (CAB).

Learn More

TruSight Overview

The New Industry Standard for Third-Party Risk

TruSight is the best practices third-party assessment service created by leading industry participants for the collective benefit of all financial institutions, their suppliers, partners and other third parties. As innovators of the Assessments-as-a-Service model, TruSight streamlines and simplifies third-party assessments by executing best practice assessments once and delivering to many over a secure, shared-services platform. TruSight was founded as an innovative industry utility by a consortium of leading financial services companies, including American Express, Bank of America, Bank of New York Mellon, JPMorgan Chase and Wells Fargo.

Download Our Overview
Third party risk assessment overview trusight solutions thumbnail
svgImg Coronavirus Statement

Coronavirus Statement

Our highest priority at TruSight Solutions is to maintain health and safety, and we are closely monitoring the global situation regarding the spread of coronavirus (COVID-19.) At the same time, we remain steadfast in our commitment to deliver assessment products of the highest quality for our customers and assessed parties. In light of these dual goals, this statement addresses precautions and strategies that TruSight is implementing with respect to on-site assessments and the assessors who conduct these facility visits.

Assessors who have been assigned to conduct on-site assessments have attested that they have not traveled in the past 30 days to a country with a Level 2 or Level 3 designation from the U.S. Centers for Disease Control and Prevention. (A Level 2 alert is for enhanced precautions, and a Level 3 warning is to avoid non-essential travel.)

Upon request, each individual assigned assessor will confirm this assurance in writing via email.

Any assessor currently conducting an assessment in an affected country is bound by the country’s domestic regulations and will remain in that country as long as required.

Assessors have been instructed to escalate any personal travel concerns to their manager. Individual concerns will be respected and assignments adjusted accordingly.

For reasons of health and safety, there could be a delay in conducting an assessment and/or delivering a product where a country is prohibiting travel or otherwise inhibiting movement that is necessary for such assessment. In this event, we will inform impacted vendors and customers as soon as we become aware of the situation. We may also propose performing a remote assessment in lieu of an on-site assessment and making adjustments accordingly.

As the coronavirus situation quickly evolves, TruSight is closely following developments from the World Health Organization, U.S. Centers for Disease Control and Prevention, and other domestic and international bodies. If you have questions or concerns, please reach out directly to your TruSight contacts.

scroll to top icon