Some embodiments of the present disclosure disclose methods and systems for assessing the data risk management capabilities of data processors that receive second-party data as part of an engagement to provide support services. In some embodiments, the transfer of the second-party data to the data processors can be monitored to identify file transfers including unauthorized personally identifiable information (PII) attributes. In some embodiments, the database of the data processor may be scanned to locate any residual second-party data that should be removed after the data processor's engagement to provide the support services have expired.