Over a number of past articles, we’ve explored the why, what, and how of Third Party Risk Management (TPRM). Looking back there’s much to review about the nature of the processes and methods that help companies understand the risks associated with partner, supplier, provider, and even inspector relationships. Some provide key services, some backup resources[…]
In prior articles we’ve explored why third-party risk management (TPRM) is an essential part of comprehensive risk management, and what steps need to be taken to assemble and execute an effective TPRM process. In this article, we’ll explore approaches to make those steps scalable and efficient without sacrificing quality, all while managing overall associated costs.[…]
Managing third party risk is a primary component of any comprehensive risk management program. Without it, you ignore important external processes, resources, commitments and opportunities that may have specific, critical impacts upon your operating performance, regulatory and legal compliance, and brand reputation. In past discussions, we’ve explored what functions need to be performed to effectively[…]
Cyber risk is adaptive. As you reconfigure operations to function with much of your staff resources working remotely, your risk footprint, vulnerabilities, and threat vectors adjust too, and realign right along. So, the question becomes how adroitly will your defenses, detection capabilities, recovery, and remediation strategies address these risk opportunities? Cybersecurity employs numerous technical components.[…]
All too often when we think of business continuity planning, we think of detailed checklists and tabletop tests, and situations approaching disaster recovery scenarios. We think of key suppliers and residual power supplies, and more. America’s current novel coronavirus situation has many of us finding ourselves facing periods of varying lengths where we will be[…]
Over the past several articles I’ve gone into some depth about TPRM; why it’s a critical part of managing cyber risk, how to integrate TPRM into your enterprise risk program, and the importance of assessment and governance to the overall effort. In doing so it’s possible this focus has created the impression that TPRM is[…]
Data provides no value if it doesn’t lead to decisive action to forward business goals or address customer problems successfully. So, gathering endless amounts of it, as well as compiling or calculating limitless measures offers no guarantee of improved business results. In fact, it can often lead to confusion and clouded views of the key[…]
Considering vendor security as part of your own risk program is an accepted best practice. But what exactly does it mean to do so? How do you determine which vendors merit the most attention? What data do you need? What roles should your legal, compliance, purchasing, IT, and operations resources play? What access might they[…]
Where We Were Diligence mattered, but was relatively straightforward. Not long ago the vendors, suppliers, and other 3rd parties your business engaged with were discreet, independent service or material providers of one sort or another. You communicated by phone, fax, written correspondence or maybe email or EDI. For the most part data flows were simple.[…]