Third Party Vendor Risk Management

Third Party Vendor Risk Management (TPVRM) is the process of performing due diligence on parties OTHER than your own company and controlling the risks they present to your company, your data, your operations, and your finances. Due diligence is the investigative process by which a company or other third party is reviewed to determine its suitability for a given task. It is an ongoing activity that includes review, monitoring, and management communication over the entire vendor lifecycle.

Who are the third parties?

  • Vendors
  • Subcontractors
  • Customers
  • Joint Ventures
  • Counterparties
  • Fourth parties
  • Fifth parties

Why does your business need a Third Party Vendor Risk Management Plan?

  • Reduces likelihood of data breach costs
  • Reduces likelihood of costly operational failures
  • Reduces likelihood of vendor bankruptcy
  • Regulatory mandates may require it
  • Prudent due diligence is an ethical obligation
  • Audits where the risk is
  • Enterprise risk portfolio may expose the organization to its highest risk

Third Party Vendor Risk Management Findings:

  • 70% of companies do not adequately check their third parties' security posture, yet over 90% say they will INCREASE their use of third parties
  • Data breaches caused by third parties cost $43 per record more than other breaches, yet account for over 40% of all breaches
  • Effective TPVRM involves a combination of oversight and review of the external partner AND implementation of internal controls and processes
  • Given the risk exposure and costs involved, TPVRM can be the single most cost-effective risk management program that a company can implement, and internal audit and InfoSec can contribute in many significant ways.

All organizations need a Third Party Vendor Risk Management strategy that takes a second look at outside vendors. Third Party Risk Management sits in the context of business strategy, security, objectives, and performance. We can help you develop a vendor risk management strategy that clearly defines security risk in order to solidify the business relationship, values, and objectives of your organization, and that can protect you from any potential harm.

Contact RB Advisory

Copyright 2019 by RB Advisory LLC