Skip to main content
Logo microsoft
Press Release

TruSight Completes Comprehensive Risk Assessment of Microsoft's Cloud Services

Industry-Standard Assessment Designed to Meet the Rigorous Third-Party Risk Management Requirements of Financial Institutions is Now Available On-Demand.

New York, NY — September 23, 2019 — TruSight, an industry-backed, best-practices third-party assessment utility, today announced that it has conducted a comprehensive risk assessment of Microsoft’s cloud services. The completed assessment, which is available to financial institutions on-demand, provides high-quality, comprehensive data on Microsoft cloud services based on a standardized, industry-backed control assessment methodology.

The foundation of TruSight’s assessment methodology is the TruSight Best Practices Questionnaire (“BPQ”), a robust, standardized questionnaire created by TruSight’s founding banks and updated in partnership with TruSight’s customers and industry experts, to eliminate duplicative assessments across the industry. Its 27 diversified control domains are designed to meet the industry’s assessment needs across the information and cybersecurity, privacy, business resiliency, and other operational risk domains.

“Suppliers to the financial services industry spend enormous and ever-increasing time and resources responding to duplicative assessments from their customers,” said Abel Clark, CEO of TruSight. “One of TruSight’s primary goals is to change that equation by driving efficiency and simplification across the industry. Through partnership with financial institutions and their third parties, we’ve pioneered an industry-standard, best-practices assessment methodology that allows assessments to be conducted once and delivered on-demand to many institutions.”

For the Microsoft assessment, TruSight conducted a rigorous onsite assessment of the company’s cloud services, including Microsoft Azure, Microsoft 365, and Microsoft Dynamics 365, to validate the design and implementation of controls according to the BPQ’s requirements. The comprehensive assessment validation procedures included structured inquiries, policy and procedure inspection, evidence-based validation, and onsite dynamic control observations and validation.

Robert Dring, principal program manager, Microsoft 365 at Microsoft Corp., noted, “Microsoft understands the importance of enabling institutions’ cloud assessments, monitoring, and risk reviews. We are always looking for ways to make this process easier for our customers and are pleased to be the first major cloud provider to successfully go through TruSight’s rigorous process.”

Financial institutions seeking to work with Microsoft can now purchase the robust, high-quality assessment of Microsoft’s cloud services by contacting them. To contact them, click here. The TruSight comprehensive assessment report on Microsoft’s cloud services will be updated regularly to ensure alignment with the latest in industry and regulatory requirements and advancements in Microsoft technology.

“By executing best-practice assessments once and making them available to many, TruSight is transforming the assessment process and making it substantially more efficient for everyone involved,” said Brian Wallace, head of third party governance operations at BNY Mellon. “We’re proud to have been a founding member of this transformative effort.”

About TruSight

TruSight is the best-practices third-party risk-assessment service created by leading financial institutions for the collective benefit of the financial services industry including customers, suppliers, partners, and other third parties. TruSight simplifies third-party assessments by executing best-practice, standardized assessments once and making them available to many – enabling financial institutions to gain greater visibility into potential risks and manage third-party relationships more efficiently and effectively.

# # #

For more information, contact:
Laura Nelson or Kay Kelly
SVM Public Relations

svgImg Coronavirus Statement

Coronavirus Statement

Our highest priority at TruSight Solutions is to maintain health and safety, and we are closely monitoring the global situation regarding the spread of coronavirus (COVID-19.) At the same time, we remain steadfast in our commitment to deliver assessment products of the highest quality for our customers and assessed parties. In light of these dual goals, this statement addresses precautions and strategies that TruSight is implementing with respect to on-site assessments and the assessors who conduct these facility visits.

Assessors who have been assigned to conduct on-site assessments have attested that they have not traveled in the past 30 days to a country with a Level 2 or Level 3 designation from the U.S. Centers for Disease Control and Prevention. (A Level 2 alert is for enhanced precautions, and a Level 3 warning is to avoid non-essential travel.)

Upon request, each individual assigned assessor will confirm this assurance in writing via email.

Any assessor currently conducting an assessment in an affected country is bound by the country’s domestic regulations and will remain in that country as long as required.

Assessors have been instructed to escalate any personal travel concerns to their manager. Individual concerns will be respected and assignments adjusted accordingly.

For reasons of health and safety, there could be a delay in conducting an assessment and/or delivering a product where a country is prohibiting travel or otherwise inhibiting movement that is necessary for such assessment. In this event, we will inform impacted vendors and customers as soon as we become aware of the situation. We may also propose performing a remote assessment in lieu of an on-site assessment and making adjustments accordingly.

As the coronavirus situation quickly evolves, TruSight is closely following developments from the World Health Organization, U.S. Centers for Disease Control and Prevention, and other domestic and international bodies. If you have questions or concerns, please reach out directly to your TruSight contacts.

scroll to top icon