Performing information security risk assessments for third parties has become a recognized part of the annual compliance and risk management plan in many companies, particularly in highly regulated industries. While conducting risk assessments is a day-to-day activity, there are several problem areas that can limit the effectiveness of the program and prevent it from meeting its overall targets.
What are some of the challenges companies face in developing or managing a third-party risk management program?
1. We have thousands of third parties in our company. How do we prioritize vendor risk assessments to address the highest risks first?