TruSight was founded by a consortium of leading financial services companies, including American Express, Bank of America, Bank of New York Mellon, JPMorgan Chase, and Wells Fargo. Their goal was to harness their collective financial expertise and combine their best practices into a consistent assessment methodology that elevates standards and simplifies the process of managing third-party relationships and the associated risk.
Microsoft and TruSight
TruSight is a third-party risk-assessment utility created by leading US banks for the collective benefit of financial institutions, their suppliers, partners, and other third parties. TruSight simplifies assessments by executing best-practice, standardized evaluations once and making them available to many — enabling financial institutions to gain greater visibility into potential risks and manage third-party relationships more efficiently and effectively.
The foundation of TruSight’s methodology is the robust, standardized Best Practices Questionnaire (BPQ) created by TruSight’s founding banks and updated in partnership with their customers and industry experts. Its 27 diversified control domains are designed to meet the industry’s evaluation needs across the categories of information and cyber security, privacy, business resiliency, and other operational risk domains.
For Microsoft, TruSight conducted a rigorous and comprehensive onsite assessment of Microsoft Azure, Microsoft Dynamics 365, and Microsoft Office 365 to validate the design and implementation of controls according to BPQ requirements. The comprehensive validation procedures included structured inquiries, policy and procedure inspections, reviews with supporting evidence, and onsite dynamic control observations.
In September 2018, TruSight issued its first risk assessment of Microsoft cloud services, Comprehensive Assessment of Microsoft Cloud. Microsoft will now undergo annual TruSight reviews to ensure that the assessment remains current and reflects new regulatory requirements and technology updates in Microsoft services. TruSight is expected to issue its first expanded update of the report in the fall of 2019.
As a result of this rigorous TruSight evaluation, financial services customers now have access on demand to a high-quality assessment of Microsoft cloud services based on standardized, industry-backed methodology without having to expend the considerable resources they would need to conduct it themselves.
Microsoft in-scope cloud services
Audits, reports, and certificates
To purchase the Comprehensive Assessment of Microsoft Cloud report, contact firstname.lastname@example.org. TruSight updates its assessment of our cloud services annually to ensure alignment with the latest regulatory requirements and advancements in Microsoft technology.
How to implement
- Risk Assessment & Compliance Guide: Create a governance model for risk assessment of Microsoft cloud services, and regulator notification.
- Financial use cases: Use case overviews, tutorials, and other resources to build Azure solutions for financial services.
- US financial services regulation: How Microsoft online services align with key regulatory expectations for US financial institutions.
Frequently asked questions
What are the benefits of relying on the TruSight assessment of Microsoft enterprise cloud services?
- Cost reallocation: The TruSight report eliminates the need for financial institutions to conduct their own costly, time-consuming assessments, enabling them to focus their resources on managing — rather than assessing — risk.
- Improved quality: The TruSight methodology has established a consistent set of standards, which improves the quality and accuracy of information available from third parties.