Is Your TPRM A Weak Link In Your Continuity and Cyber Risk Plans?

All too often when we think of business continuity planning, we think of detailed checklists and tabletop tests, and situations approaching disaster recovery scenarios. We think of key suppliers and residual power supplies, and more. America’s current novel coronavirus situation has many of us finding ourselves facing periods of varying lengths where we will be[…]

Third Party Risk Management (TPRM) Made Simple

Over the past several articles I’ve gone into some depth about TPRM; why it’s a critical part of managing cyber risk, how to integrate TPRM into your enterprise risk program, and the importance of assessment and governance to the overall effort. In doing so it’s possible this focus has created the impression that TPRM is[…]

Managing 3rd Party Assessment and Governance

Data provides no value if it doesn’t lead to decisive action to forward business goals or address customer problems successfully.  So, gathering endless amounts of it, as well as compiling or calculating limitless measures offers no guarantee of improved business results. In fact, it can often lead to confusion and clouded views of the key[…]

Integrating Vendor and 3rd Party Security into Your Risk Program

Considering vendor security as part of your own risk program is an accepted best practice. But what exactly does it mean to do so? How do you determine which vendors merit the most attention? What data do you need?  What roles should your legal, compliance, purchasing, IT, and operations resources play?  What access might they[…]

Why Vendor Management Is Critical To Cyber Risk and Security

Where We Were Diligence mattered, but was relatively straightforward. Not long ago the vendors, suppliers, and other 3rd parties your business engaged with were discreet, independent service or material providers of one sort or another.  You communicated by phone, fax, written correspondence or maybe email or EDI. For the most part data flows were simple.[…]

Top