Quote
The Assessor agrees with the Supplier that the Implementation Status is Fully Implemented and Independently Assessed
For Data Privacy questions, Allianz explicitly instructs Assessors to rely on the vendor’s self-assessment. As per the directive from Allianz on 3rd December 2025, a lack of supporting evidence for answers marked “Fully implemented and independently assessed”, “Fully implemented”, or “Not Applicable” shall not result in a downgrade of the risk score or trigger missing evidence escalations. This directive applies exclusively to Data Privacy questions and overrides the usual validation requirements.
All requirements are satisfied by the evidence provided.
That is because the Supplier provided valid evidence that supports this control being implemented.
Because this question falls within the Data Privacy scope, the Assessor accepts the Supplier’s response on the basis of this Allianz directive. The provided documentation aligns with the Supplier’s declared implementation and supports the presence of a defined compliance function that covers privacy related responsibilities.
The Assessor therefore finds that the Implementation Status is Fully Implemented and Independently Assessed
The Gap Severity is therefore Very Low, as defined in the Allianz Gap Severity Matrix.