The need for situational awareness

I am a James Bond fan and eagerly anticipate the next James Bond film, “No Time to Die.” Unfortunately, because of the global crisis we all now face, we have to wait until April 2021 to see the film on the big screen. While we wait for this next instalment in the 007 saga, we can still learn and apply what makes the master spy so great to our world of business that is situational awareness.

Today’s organization needs situational awareness. Situational awareness is the perception of the details and events around us and the interpretation of how they can or will impact us to determine our course of action. James Bond looks at the big picture and sees all the details. Situational awareness is needed across the business but is particularly needed in the context of risk in third-party relationships.

Gaining a holistic view of third party risk

Business today is a complex web of third-party relationships. Gone are the days when an organization was defined by brick and mortar walls and traditional employees. Today’s organization is a nested array of suppliers, vendors, outsourcers, contractors, consultants, temporary workers, service providers, brokers, agents, intermediaries, partners, and more.

There are no longer are hard and fast boundaries to the organization as these relationships extend and nest themselves in deep supply chains and subcontracting relationships.

What is troubling about how organizations manage third-party risk is that it is done in disconnected silos.

Different departments have their limited view of the risk a third-party relationship brings to the organization, but no one sees the full situation. They fail to see the big picture of risk across these silos.

This would be like James Bond just looking at one factor of a situation and not all the factors that tell the full story. Consider SPECTRE (Special Executive for Counter-intelligence, Terrorism, Revenge, and Extortion), led by 007’s nemesis Ernst Stavro Blofeld. Throughout the James Bond stories he has to understand the complex operations, supply chain, and movements of this organization to understand their motive and intentions. Looking at just a piece of the puzzle often misleads, but it is the full picture that tells the real risk.

Assessing critical vendor risk quickly and effectively

Organizations need to understand their critical third-parties business continuity capabilities to ensure they can deliver services in this time of crisis. They need to know that their third parties are addressing health and safety concerns within their operations.

They need to understand the social accountability focus of third parties to ensure their reputation and brand will not be hurt in partnering with them in how they respond to the crisis.

And they need to understand the security controls and monitoring being done when the third parties business processes are adapting and could expose the organization’s data and network connections. Seeing all this together gives the organization 360° situational awareness or risk in these relationships.

Instead of siloed processes to assess a limited view of risk in a third-party relationship, organizations need to implement processes and technology that measure and evaluate the full scope of risk exposure in a third-party relationship. This risk needs to be assessed during the onboarding process, but also regularly throughout the lifecycle of the relationship.

Be like James Bond, get a complete grasp of your third-party relationships through situational awareness so you can see the big picture across risks that a single relationship brings to your organization.

Need to assess your critical vendors now to understand your supply chain risk exposure?

Make sure to watch  our webinar where the Father of GRC, Michael Rasmussen from GRC 2020, and SureCloud’s Director of Presales, Ben Dalton,  explore 360 vendor visibility and more.