Two-thirds of data breaches occur due to an insecure or poorly managed third-party relationship. Gaining control over your network of vendors is a critical risk activity.
Here at SureCloud, we are passionate about reinventing the way organizations manage vendor risk, including third-party and fourth-party risk.
Below are some key pieces we have created to educate on third-party risk management, so you have everything you need to know when facing the challenge of tackling your suppliers, vendors, partners, etc.
Third-Party Risk Management Blog Series:
The Problem with Questionnaires is Human Nature
Questionnaires aren’t inherently bad; they are an efficient means of collecting third-party information across some respondents to form a consistent and comparable set of data. The issue is with their effectiveness, and the primary cause of that ineffectiveness is human involvement in the process. The cognitive process involved in answering questions is quite resource-intensive for the respondent.
Blog 1: Approaching Questionnaires – Obtaining Requirements
The first step in the process is to collect the requirements for the assessment. It is not unusual for organizations to skip this step and move directly to drafting a long list of questions. Organizations are conducting third-party risk assessments to support a purpose. The danger is that without a clear goal, the person writing the questions will pass it around to various people who will, in turn, add questions to it…
Blog 2: Approaching Questionnaires – Decision Orientated Requirements
When thinking about questionnaires, we need to plan what to do with the information. This move to decision-orientated research is far superior to the approach of obtaining data simply for the sake of having more information or expecting an epiphany from the data set. This decision-orientated approach is helpful because it will cut through the inefficiency of collecting third-party data that you have no intention of making any decision on…
Blog 3: The Threshold Levels Needed for Third-Party Questionnaires
The final part of the requirements is to understand the threshold which must be achieved for each of the elements. We’ve created a simple framework example for pulling together your organization’s requirements for third-party questionnaires…
Blog 4: The Recommended Research Process for Formulating Questionnaires
During the research phase, we need to concentrate on determining what third-party information we need to support our decision. This will require some research across the internal organization to find out what we need to make that decision…
Blog 5: The Planning Phase of Building Questionnaires
The next phase is to plan out the questionnaire. The first thing to consider is the survey method. This paper focuses on questionnaire assessments, but there are other methods of survey such as audits, face-to-face interviewing, and telephone interviews. Additionally, there will not be just one assessment over the life of the third-party relationship. Once we have established the survey type, we can then think about satisfying the information needs identified in the requirements and research phase…
Blog 6: Writing Clear Questions
In the sixth instalment of our Third-Party Risk Management blog series, Alex will be exploring the importance of clear communication for collecting accurate information from your third parties. He will be providing 8 key rules for how to write well-thought-out questions, three of which are exclusive to this series.
Blog 7: The Do’s and Don’ts For Making Questions Answerable
In the seventh instalment, Alex will explore the do’s and don’ts of writing answerable questions. This will include the importance of allowing respondents to communicate their uncertainty.
Blog 8: Increasing Questionnaire Respondents’ Level of Engagement
In the eighth instalment, Alex will discuss how to increase the readability of your questions for your Third-Party Risk Management questionnaires. This will include reducing the length of the questions and engaging more of the senses.
Blog 9: Importance of Cutting Down your Questionnaire
In the ninth instalment, Alex will continue to discuss the importance of shortening your questionnaires to ensure you have your readers’ attention. This will include the science behind your respondents’ concentration levels and the number of questions asked.
Blog 10: Increasing the Reliability of your Respondents’ Answers
In the tenth instalment, we will continue to discuss the importance of shortening your questionnaires to ensure you have your readers’ attention. Alex will explain how, simply by providing the most suitable questionnaire options, you can increase the reliability of your respondents’ answers.
Blog 11: How to Write Effective Open Questions
In the eleventh instalment, Alex will explore the positives and negatives of using an open question in your questionnaire, detailing the techniques for getting the most reliable answer from your respondent.
Blog 12: Testing your Third Party Questionnaire
In the twelfth instalment of the blog series, we will explore the steps that should be taken to test your questionnaire before you run your third-party assessment.
Explore the published blogs here:
Blog Series: “The Problem with Questionnaires is Human Nature.”
Read Blog 1: “Approaching Questionnaires: Obtaining Requirements.”
Read Blog 2: “Approaching Questionnaires: Decision Orientated Requirements.”
Read Blog 3: “The Threshold Levels Needed for Third Party Questionnaires.”
Read Blog 4: “The Recommended Research Process for Formulating Questionnaires.”
Read Blog 5: “The Planning Phase of Building Questionnaires.”
Read Blog 6: “Writing Clear Questions”
Read Blog 7: “The Do’s and Don’ts For Making Questions Answerable”
Read Blog 8: “Increasing Questionnaire Respondents’ Level of Engagement”
Read Blog 9: “Importance of Cutting Down your Questionnaire”
Read Blog 10: “Increasing the Reliability of your Respondents’ Answers”
Read Blog 11: “How to Write Effective Open Questions”
Read Blog 12: “Testing your Third Party Questionnaire”
Additional Third Party Reads:
White Paper: The Secrets of Taming the Monstrous Problem of Third-Party Risk
Data breaches are a growing problem; since 2005, over 10 billion consumer records have been compromised. For large enterprises, each data breach can result in lost revenue of £1.3m. Among the main culprits of data breaches are the third parties that organizations engage to perform key functions within the business. It’s the weaknesses within their infrastructure, and the services they provide, that can often leave you vulnerable.
Increasing Exposure of Third-Party Risks
Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization is an interconnected mess of relationships and interactions that span traditional business boundaries.
Guest Blog: Managing Risk Across Third-Party Relationships
The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to third-party risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected and interdependent.”
It’s Not You, it’s Them: The Importance of Third-Party Risk Management
These third parties can offer a strategic advantage and business value, helping organizations to offer cutting-edge services and focus on their own area of specialization. But they can also present a number of third-party risks that may have a knock-on effect on business, causing issues ranging from temporary service disruptions to complete shut-down.
The Questions you should be asking yourself when managing your Third-Party Risks…
By assessing and tracking the potential third-party risks your suppliers may pose, keeping good records, and making communication and transparency paramount, you can lower the chances of encountering risks like those described here.