Choose your topics

How to Prioritize Your Third-Party Risks

How can you prioritize effectively and enhance your organization’s security posture? Here are our top tips for setting up realistic, sustainable processes.

Third-Party Risk Management GRC
Top Tips to Save Time When Assessing Third-Party Risks

Is assessing third-party risks taking up too much of your time? How can you make the process more effective and efficient? Find out in the latest post from SureCloud.

Third-Party Risk Management GRC
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
The Top 4 Challenges of Risk Management

What are the top four challenges of risk management today and how can you overcome them? Find out in this post from SureCloud.

Third-Party Risk Management GRC
Transform Compliance into Your Competitive Advantage

In GRC, compliance is often viewed as a cost that makes it harder to pursue growth. Here's how to make it your competitive advantage.

Compliance Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Vector (7)
Third-Party Risk Management, GRC

Why Third-Party 360° Situational Risk Awareness is Needed Now More Than Ever

Why Third-Party 360° Situational Risk Awareness is Needed Now More Than Ever
Written by

Michael Rasmussen

Published on

30 Oct 2020

Why Third-Party 360° Situational Risk Awareness is Needed Now More Than Ever


The need for situational awareness

I am a James Bond fan and eagerly anticipate the next James Bond film, “No Time to Die.” Unfortunately, because of the global crisis we all now face, we have to wait until April 2021 to see the film on the big screen. While we wait for this next instalment in the 007 saga, we can still learn and apply what makes the master spy so great to our world of business that is situational awareness.

Today’s organization needs situational awareness. Situational awareness is the perception of the details and events around us and the interpretation of how they can or will impact us to determine our course of action. James Bond looks at the big picture and sees all the details. Situational awareness is needed across the business but is particularly needed in the context of risk in third-party relationships.

Gaining a holistic view of third party risk

Business today is a complex web of third-party relationships. Gone are the days when an organization was defined by brick and mortar walls and traditional employees. Today’s organization is a nested array of suppliers, vendors, outsourcers, contractors, consultants, temporary workers, service providers, brokers, agents, intermediaries, partners, and more.

There are no longer are hard and fast boundaries to the organization as these relationships extend and nest themselves in deep supply chains and subcontracting relationships.

What is troubling about how organizations manage third-party risk is that it is done in disconnected silos.

Different departments have their limited view of the risk a third-party relationship brings to the organization, but no one sees the full situation. They fail to see the big picture of risk across these silos.

This would be like James Bond just looking at one factor of a situation and not all the factors that tell the full story. Consider SPECTRE (Special Executive for Counter-intelligence, Terrorism, Revenge, and Extortion), led by 007’s nemesis Ernst Stavro Blofeld. Throughout the James Bond stories he has to understand the complex operations, supply chain, and movements of this organization to understand their motive and intentions. Looking at just a piece of the puzzle often misleads, but it is the full picture that tells the real risk.



Aggregate the full risk exposure from your third parties

Consider this common scenario when third-party risk is done in different departments that do not collaborate and see the big picture across departments. In a critical third-party relationship, IT security may see the risk as moderate, finance/procurement measures their risk as moderate, legal looking at things like bribery and corruption scores a moderate risk, social accountability looking at human rights defines it as moderate.

All these departments do not sound the alarm on the third-party because the risk is not high and setting off alerts. But if someone actually could step back and see the full situation and the aggregate risk exposure across these departments, they may very well realize that this critical third-party is bringing significant risk exposure to the organization that is not wanted.

Can you rely on your vendors during these uncertain times?

The current global crisis with the COVID-19 pandemic is an excellent example of the need for 360° situational risk awareness in third-party relationships. Right now, organizations need to understand the operational resiliency and viability of their third parties to ensure they are partnering with firms that can weather the current economic storm.

Assessing critical vendor risk quickly and effectively

Organizations need to understand their critical third-parties business continuity capabilities to ensure they can deliver services in this time of crisis. They need to know that their third parties are addressing health and safety concerns within their operations.

They need to understand the social accountability focus of third parties to ensure their reputation and brand will not be hurt in partnering with them in how they respond to the crisis.

And they need to understand the security controls and monitoring being done when the third parties business processes are adapting and could expose the organization’s data and network connections. Seeing all this together gives the organization 360° situational awareness or risk in these relationships.

Instead of siloed processes to assess a limited view of risk in a third-party relationship, organizations need to implement processes and technology that measure and evaluate the full scope of risk exposure in a third-party relationship. This risk needs to be assessed during the onboarding process, but also regularly throughout the lifecycle of the relationship.

Be like James Bond, get a complete grasp of your third-party relationships through situational awareness so you can see the big picture across risks that a single relationship brings to your organization.

Need to assess your critical vendors now to understand your supply chain risk exposure?

Make sure to watch  our webinar where the Father of GRC, Michael Rasmussen from GRC 2020, and SureCloud’s Director of Presales, Ben Dalton,  explore 360 vendor visibility and more.