Quote
The Assessor agrees with the Supplier that the Implementation Status is Fully implemented and independently assessed.
For Data Privacy questions, Allianz explicitly instructs Assessors to rely on the vendor’s self-assessment. As per the directive from Allianz on 3rd December 2025, a lack of supporting evidence for answers marked “Fully implemented and independently assessed” or “Fully implemented” shall not result in a downgrade of the risk score or trigger missing evidence escalations. This directive applies exclusively to Data Privacy questions and overrides the usual validation requirements.
The Assessor finds that none of the requirements stated in the guideline can be satisfied by the evidence provided.
That is because [state the reason we disagree based on assessment, such as what the supplied provided that is insufficient, or what they did not provide]
But, because this question falls within the Data Privacy scope, the Assessor accepts the Supplier’s response on the basis of this Allianz directive. The narrative provided by the Supplier indicates that annual training activities occur, and the directive allows acceptance even where supporting evidence is insufficient.
The Assessor therefore finds that the Implementation Status is Fully implemented and independently assessed.
The Gap Severity is therefore Very Low, as defined in the Allianz Gap Severity Matrix.