Features
To facilitate the assessment and mitigation of compliance risks associated with a third-party service organization, its services, and the systems used to provide the services, this article proposes adopting an approach from the financial sector that, with a little modification, could be used to assess suppliers of GxP-regulated IT services.