The IT team is in charge of cybersecurity...until a breach happens

Your vendors are now prime targets for data breaches and small vendors can provide easy access for hackers.


    In fact, in as much as 50% of breaches, access through a third party is the entry mechanism for cybercriminals.


    Notably, only 7% of respondents for the ACC Foundations: The State of Cybersecurity Report say they have the highest degree of confidence that their third-party vendors protect them from cybersecurity risks.

Are you conducting diligence on EVERY VENDOR
and third-party that has access to your systems or data?

Even cleaning crews, HVAC vendors, and food distributors, to a name a few, can all create exposure
that could lead to a data breach, but are often overlooked in the vendor diligence process.

Consider these questions

  • Do you have an assessment of all your vendors?

  • Do you have the correct assessments from the right sources?

  • Do you spend too much time on third-party due diligence assessments?

  • Do you have the right documentation?

  • Are you keeping up with increasing regulations?

ACC's Exclusive Third-Party Due Diligence Service
Should be in Your Arsenal

ACC Vendor Risk Service (VRS) is a powerful, cloud-based service that automates the
third-party diligence process, saving companies time and money, while increasing their bandwidth.

Your IT and procurement teams will love the tremendous efficiency VRS delivers and your
executive team and directors will appreciate VRS's effectiveness.

This robust platform...

  • Replaces error prone, resource intensive manual process.
  • Allows efficient diligence on any number of third-party vendors at once.
  • Helps identify and monitor the critical risks and vulnerabilities third-party vendors pose so you can protect sensitive company data.
  • Provides standards and processes to reduce risks.
  • Includes a centralized document repository.
  • Creates an audit trail.



    Leverage powerful technology to expand the reach and effectiveness of your vendor due diligence efforts.

    All our survey standards are based on recognized cyber security standards and designed for fast, accurate responses from your vendors.

    Incorporate the Law Firm Survey standard (based on the ACC Model Controls) to help identify some of your most pressing risks.

    Your largest vendors are not your greatest risk. Use the Vendor Risk Profile standard to assess your presumed "low risk" vendors.




    World-class question sets based on recognized and reasonable frameworks.


    Effective insights and reporting to identify risks and avoid unnecessary incidents.


    Fully-automated distribution, reminders and reporting.


    Vendors can distribute question sets to internal experts for more accurate and rapid responses.


    Flexibility to modify surveys to meet your specific needs.


    Documented processes to support your practices when an incident happens.


    Preset surveys based on recognized international frameworks.


    Preset heat mapping to help streamline your vendor review process.


    Support from our professional services team.

Engineered to Support Industry Standard Cybersecurity Frameworks


    For the ACC Vendor Risk Service, recognized frameworks and models have been adapted. The three assessment standards can be easily modified.


    The Comprehensive Risk Standard builds directly off the NIST Cyber Security Framework and SP 800-171 standards as well as the intentions of the EU General Data Protection Regulation and other domestic and international requirements.