A claim by an organization that specific policies, processes, controls, procedures or other mitigating techniques to reduce exposure are in place and functioning properly as appropriate to the relationship. In “Trust, but Verify” TPRM environments, assertion statements are often third parties’ responses to a set of questions typically asked by the outsourcer or its agent.