Third party vulnerability scans are scans of your organization performed from outside the network by a separate company. These scans attempt to identify vulnerabilities in your organization’s Internet-facing systems.
The use of a third party can bring more neutrality to the process, as there are no vested interests or assumptions made about the systems that are being scanned. A third party also brings new techniques and new tools to the table, which can reveal vulnerabilities that have not been detected by internal teams.
It is expected that third party vulnerability scans are performed at least annually, but most organizations require quarterly scans. The third party needs to be an organization that is qualified to perform the scans. An Approved Scanning Vendor (ASV) is required for Payment Card Industry (PCI) certification.