Login to MyACC
ACC Members

Not a Member?

The Association of Corporate Counsel (ACC) is the world's largest organization serving the professional and business interests of attorneys who practice in the legal departments of corporations, associations, nonprofits and other private-sector organizations around the globe.

Join ACC

Routine assessment of third-party data protection is now a regulatory obligation.

Your third-party service providers can be weak links exposing your company to data breaches and privacy violations.


In fact, in as much as 50% of breaches, access through a third party is the entry mechanism for cybercriminals.


Notably, only 6% of respondents for the ACC Foundations: The State of Cybersecurity Report say they have the highest degree of confidence that their third-party vendors protect them from cybersecurity risks.

Are you conducting diligence on every third party that has access to your systems or data?

The increase in third parties processing regulated data and the surge in third-party data protection 
violations and breaches means third-party risk assessments should be a top priority for general counsel.


Consider These Questions

   Do you assess all third-party service providers?

   Are your assessments conducted using spreadsheets?

   Can you demonstrate effective compliance?

   Are you meeting your regulatory obligations?

Request a Demo

Meet Your Regulatory Obligations Effectively

ACC Vendor Risk Service is the only solution that quickly identifies which third parties require comprehensive assessment according to key regulations like the GDPR, 23NYCRR 500, FARs, and others.

With this robust platform, you'll...

  • Understand the nature of your relationships with third parties, so you can ensure you conduct appropriate and ongoing diligence.
  • Quickly identify where vendors exceed risk thresholds and which regulations they are subject to, like the GDPR, FAR and more.
  • Gather the reporting necessary to conduct effective privacy impact assessments on third parties, as necessary.
  • Gain insights necessary to work with your IT team on appropriate remediation steps.
  • Develop exceptional documentation to demonstrate your ongoing diligence efforts.
  • Profile each vendor and gain information needed to inform your contracts.


Leverage powerful technology to expand the reach and effectiveness of your third-party due diligence efforts.

All our survey standards are based on recognized cyber security standards and designed for fast, accurate responses from your vendors.

Incorporate the Law Firm Survey standard (based on the ACC Model Controls) to help identify some of your most pressing risks.

Your largest third parties are not your greatest risk. Use the Vendor Risk Profilestandard to assess your presumed "low risk" vendors.


   World-class question sets based on recognized and reasonable frameworks.

   Effective insights and reporting to identify risks and avoid unnecessary incidents.

   Fully-automated distribution, reminders and reporting.

   Vendors can distribute question sets to internal experts for more accurate and rapid responses.

   Flexibility to modify surveys to meet your specific needs.

   Documented processes to support your practices when an incident happens.

   Preset surveys based on recognized international frameworks.

   Preset heat mapping to help streamline your vendor review process.

   Support from our professional services team.

Built on Globally Recognized Frameworks and Standards

   For the ACC Vendor Risk Service, recognized frameworks and models have been adapted. The three assessment standards can be easily modified.

   The Comprehensive Risk Standard builds directly off the NIST Cyber Security Framework and SP 800-171 standards as well as the intentions of the EU General Data Protection Regulation and other domestic and international requirements.

   The Law Firm Standard was created from the ACC Law Firm Cybersecurity Questionnaire and Guide.


ACC Vendor Risk Service

Request a Demo