“Without information security, it’s not a matter of if you are going to get breached, it’s a matter of when”
– Evan Francen
Third-Party Management Risk Best Practices for 2019
- Document a complete set of third-party risk management practices – policy, program and procedures. Make sure to review and update the documentation as often as needed. The more frequently the better.
- Set very specific standards for acquiring a new third party and ensure everyone involved understands the critical importance of this stage. Create a list of due diligence must-have requirements for all new vendors. Keep all departments informed and updated on their role, responsibilities and impact on the program.
- Analyze your vendor list and understand the risk level (high, medium or low) each vendor poses to your organization. Be sure to have an excellent understanding of who is managing your vendors at any time. Ensure checks of the vendors are performed on a regular basis.
- Evaluate the risk of doing business with each vendor and measure to what degree they are critical to your company. Pay close attention to both the business side and regulatory risk significance.
- Introduce robust contract management practices. Keep it all streamlined and integrated to prevent missing key deadlines as they might have a critical impact on your business.
- Get familiar with how your vendors manage their own supply chain risk. Are they audited? When was the last audit?
- Update all vendor documentation, prioritized by each vendor's relative risk level. Create a plan that ensures even low-risk vendors get updated regularly. Establish a scalable structure for handling new risk assessments, ongoing monitoring/due diligence and communication so that you can stay on top of it as your list of vendors grows with your organization.
- Establish a complete overview that gives you better visibility into third-party risks and compliance and improves partnerships between the involved companies and their third and fourth parties, while reducing redundancies.
These 8 best practices will help you deal with third-party risk management with ease in 2019.