Dela via


Know Your Third Party (KY3P) Comprehensive Assessment

About KY3P Assessments

S&P Global KY3P Comprehensive Assessment (formerly known as the TruSight comprehensive assessment), supports regulatory compliance by facilitating efficient processes through the seamless exchange of standardized and fully validated risk data between service providers (such as Microsoft) and their clients. The globally recognized KY3P assessment methodology empowers business with enhanced visibility into their supply chain risks, allowing them to prioritize customer-centric operations.

Note

In January 2023, TruSight was acquired by S&P Global to expand the breadth and depth of its third-party risk management solutions. TruSight was integrated into S&P Global KY3P and sits within the S&P Global Market Intelligence division. This acquisition allows the combination of TruSight's existing compliance and risk assessment expertise with an established risk management portfolio. For more information, see S&P Global enhances KY3P® risk management capabilities with acquisition of TruSight Solutions LLC.

Microsoft and KY3P Assessments (formerly TruSight)

KY3P Assessments originated as TruSight Solutions, an innovative industry utility built by a consortium of leading financial services companies. The KY3P Assessments best practices questionnaire includes over 200 controls across 26 diversified control categories across nine Risk Domains. KY3P Assessments has assessed Microsoft Cloud with this methodology annually since 2018.

A rigorous and comprehensive assessment of Microsoft Azure, Microsoft Dynamics 365, and Microsoft Power Platform, and Microsoft 365 was conducted to validate the design and implementation of controls according to BPQ requirements. The comprehensive validation procedures included structured inquiries, policy and procedure inspections, reviews with supporting evidence, and onsite dynamic control observations.

In September 2018, the first risk assessment of Microsoft cloud services was issued, Comprehensive Assessment of Microsoft Cloud. Microsoft now undergoes annual reviews to ensure that the assessment remains current and reflects new regulatory requirements and technology updates in Microsoft services. The latest report was issued in March 2024.

As a result of this rigorous evaluation, financial services customers now have access on demand to a high-quality assessment of Microsoft cloud services based on standardized, industry-backed methodology without having to expend the considerable resources they would need to conduct it themselves.

Microsoft in-scope cloud platforms & services

Audits, reports, and certificates

To purchase the Comprehensive Assessment of Microsoft Cloud report, contact KY3P Sales. KY3P updates its assessment annually of our cloud services to ensure alignment with the latest regulatory requirements and advancements in Microsoft technology.

How to implement

  • Financial use cases: Use case overviews, tutorials, and other resources to build Azure solutions for financial services.
  • US financial services regulation: How Microsoft online services align with key regulatory expectations for US financial institutions.

Frequently asked questions

What are the benefits of relying on the KY3P assessment of Microsoft enterprise cloud services?

  • Cost reallocation: The KY3P Assessments report eliminates the need for financial institutions to conduct costly, time-consuming assessments, enabling them to focus their resources on managing, rather than assessing, risk.
  • Improved quality: The KY3P methodology has established a consistent set of standards, aligned to global regulatory bodies, which improves the quality and accuracy of information available from third parties.
  • Streamlined Consumption: The KY3P API service seamless integrates with an organization's systems and processes, allowing users to easily consume KY3P-validated information in a way that syncs with their workflows.

Resources