third party

Tackling the Challenges of Managing Third Party Risk Assessments

Performing information security risk assessments for third parties has become a recognized part of the annual compliance and risk management plan in many companies, particularly in highly regulated industries. While conducting risk assessments is a day-to-day activity, there are several problem areas that can limit their effectiveness and keep the program from meeting its overall targets.

What are some of the challenges companies face in developing or managing a third party risk management program?

1. We have thousands of third parties in our company. How do we prioritize vendor risk assessments to address the highest risks first?

Third Party Tiering Since One Size Does Not Fit All

Managing third party risk is a critical challenge facing Information Security leaders today. High-profile data breaches are reported regularly in the media. Regulators are increasing the focus on requirements for identifying and managing risk for third parties, particularly for financial services and retail corporations. In line with added scrutiny on cybersecurity and data breach practices, boards of directors are more frequently raising questions about the state of controls for critical third parties.

Establishing a third party risk management program means tackling several problems, such as the sheer number of third parties to assess. Using a disciplined approach and best practices such as third party tiering can help to reduce the problem to a more manageable size.

What is third party tiering?
