Third-party reviews of business partner, vendor, and/or outsourced services provider information security and privacy programs are necessary for organizations that must demonstrate due diligence - not only for government regulators, but also for their customers and board members. For these organizations, it is critical to know that the organizations to whom they have entrusted their data handling and processing functions have sound and effective information security and privacy programs. Using a comprehensive methodology based upon a combination of ISO 27002 and the OECD privacy principles, Cutter Consortium Senior Consultant Rebecca Herold makes these reviews as efficient, comprehensive, and repeatable as possible.