AWS Cloud Security

S&P Global Know Your Third Party (KY3P) Risk Assessment

Overview

Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) third-party risk assessment.

Customers can now leverage AWS’s KY3P assessment to reduce their supplier due-diligence burden. KY3P’s globally recognized methodology provides organizations with enhanced visibility into supply chain risks by validating the actual implementation and operation of controls—not just policies or attestations.

FAQs

    KY3P, also known as the S&P Global Comprehensive Assessment (formerly TruSight), is a validated, evidence-based assessment designed to support regulatory compliance and efficient, standardized risk data exchange between AWS and our clients. KY3P’s globally recognized methodology provides organizations with enhanced visibility into supply chain risks by validating the actual implementation and operation of controls - not just policies or attestations.

    Customers can now use the AWS KY3P assessment to reduce their supplier due-diligence burden.

    AWS customers can leverage the KY3P assessment to perform their supplier due-diligence process on AWS.

    Customers can request the latest assessment report directly via the KY3P website.

    KY3P’s risk assessment methodology includes over 200 controls across 26 control categories and nine risk domains. These topics include Privacy, Network Management, Logical Access Management, as well as Physical and Environmental Security. The assessment criteria were developed by a consortium of leading financial institutions.

    Customers can use the KY3P results to map AWS against commonly used industry frameworks and standards, such as NIST CSF v2, PCI DSS 4.0, and ISO 27001:2022, to instantly gain visibility into controls coverage.

    The assessment is updated annually to ensure regulatory and technical alignment.