Share via


Know Your Third Party (KY3P) Comprehensive Assessment

About KY3P Assessments

KY3P Comprehensive Assessment (formerly known as the TruSight comprehensive assessment), by S&P Global Market Intelligence, is a compliance product offered by a third-party risk assessment firm whose roots stem from a consortium of leading financial services companies. Their goal was to harness their collective financial expertise and combine their best practices into a consistent assessment methodology that elevates standards and simplifies the process of managing third-party relationships and the associated risk.

In January 2023, TruSight was acquired by S&P Global. This acquisition allows the combination of TruSight's existing compliance and risk assessment expertise with an established risk management portfolio. For more information, see S&P Global enhances KY3P risk management capabilities with acquisition of TruSight Solutions LLC.

Microsoft and KY3P Assessments

KY3P Assessments originated as TruSight Solutions, an innovative industry utility built by a consortium of leading financial services companies.

The KY3P Assessments best practices questionnaire includes over 200 controls across 27 domains. KY3P Assessments has assessed Microsoft Cloud annually since 2018.

A rigorous and comprehensive assessment of Microsoft 365, Microsoft Azure, Microsoft Dynamics 365, and Microsoft Power Platform was conducted to validate the design and implementation of controls according to BPQ requirements. The comprehensive validation procedures included structured inquiries, policy and procedure inspections, reviews with supporting evidence, and onsite dynamic control observations.

Microsoft undergoes annual reviews to ensure that the assessment remains current and reflects new regulatory requirements and technology updates in Microsoft services. The latest report was issued in January 2023.

As a result of this rigorous evaluation, financial services customers now have access on demand to a high-quality assessment of Microsoft cloud services based on standardized, industry-backed methodology without having to expend the considerable resources they would need to conduct it themselves.

Microsoft in-scope cloud platforms & services

Audits, reports, and certificates

To purchase the Comprehensive Assessment of Microsoft Cloud report, contact KY3P Sales. KY3P updates its assessment annually of our cloud services to ensure alignment with the latest regulatory requirements and advancements in Microsoft technology.

How to implement

  • Financial use cases: Use case overviews, tutorials, and other resources to build Azure solutions for financial services.
  • US financial services regulation: How Microsoft online services align with key regulatory expectations for US financial institutions.

Frequently asked questions

What are the benefits of relying on the KY3P assessment of Microsoft enterprise cloud services?

  • Cost reallocation: The KY3P Assessments report eliminates the need for financial institutions to conduct their own costly, time-consuming assessments, enabling them to focus their resources on managing, rather than assessing, risk.
  • Improved quality: The KY3P methodology has established a consistent set of standards, which improves the quality and accuracy of information available from third parties.

Resources