Third Party Risk Management (TPRM) is often viewed as a linear process. This is a misunderstanding of the actions that in total represent the processes involved. First, it’s a continuous system, renewing itself in different cycles and frequencies, depending upon the risk level of the third party’s service, and the practices of procurement; second, its[…]
Smart technologies’ home presence grows with each passing day. The work-from-home (WFH) migrations for many workers seeking convenience while coping with “covid-19 encouraged isolation” have spurred this transformation to new levels of ready adoption. Smart thermostats, lights, home security cameras, front doorbells, automobile integration, automated window shades and curtains, TV’s and more, all managed through[…]
Managing third party risk is a primary component of any comprehensive risk management program. Without it, you ignore important external processes, resources, commitments and opportunities that may have specific, critical impacts upon your operating performance, regulatory and legal compliance, and brand reputation. In past discussions, we’ve explored what functions need to be performed to effectively[…]
There are so many challenges facing businesses today as we all focus upon sustaining demand, revenue, and operating infrastructure while confronting new paradigms for staff retention, safety, and service delivery. Technologies we may have just begun to touch like mobile device management, cloud-based infrastructure and remote, digital client services, may suddenly be existential realities needed[…]
All too often when we think of business continuity planning, we think of detailed checklists and tabletop tests, and situations approaching disaster recovery scenarios. We think of key suppliers and residual power supplies, and more. America’s current novel coronavirus situation has many of us finding ourselves facing periods of varying lengths where we will be[…]
Audit and risk management are really two perspectives or “flavors” of the same measurement and inspection processes. In blogs of October and November 2018, I’ve discussed some of the key aspects of these processes and offered some arguments for the benefit of their integration to offer executive management a sharper picture of their true risk[…]
Over the past several articles I’ve gone into some depth about TPRM; why it’s a critical part of managing cyber risk, how to integrate TPRM into your enterprise risk program, and the importance of assessment and governance to the overall effort. In doing so it’s possible this focus has created the impression that TPRM is[…]
Where We Were Diligence mattered, but was relatively straightforward. Not long ago the vendors, suppliers, and other 3rd parties your business engaged with were discreet, independent service or material providers of one sort or another. You communicated by phone, fax, written correspondence or maybe email or EDI. For the most part data flows were simple.[…]
Our last discussion talked about how to present cyber and related risk information to your Board of Directors in a relevant and meaningful manner. Here we’ll explore how a GRC software platform can help organize and structure risk data from multiple sources necessary to perform this analysis to support such meaningful Board level reporting. And[…]
Recently there was a malware attack discovered. “So?”, you might ask? “There’s always a malware attack of some sort or another being identified, reported and measured for its scope and impact.” Well, this one was unique in several ways: First, it seemed to target Mac OS, which is a rarity for technical (its UNIX roots)[…]