Two-thirds of data breaches occur due to an insecure or poorly managed third-party relationship. Gaining control over your network of vendors is a critical risk activity.
Here at SureCloud, we are passionate about reinventing the way organizations manage vendor risk, including third-party and fourth-party risk.
Below are some key pieces we have created to educate readers on third-party risk, so you have everything you need to know when facing the challenge of managing your suppliers, vendors, partners, etc.
The Problem with Questionnaires is Human Nature
Questionnaires aren’t inherently bad; they are an efficient means of collecting information across some respondents to form a consistent and comparable set of data. The issue is with their effectiveness, and the primary cause of that ineffectiveness is human involvement in the process. The cognitive process involved in answering questions is quite resource-intensive for the respondent…
Blog 1: Approaching Questionnaires – Obtaining Requirements
The first step in the process is to collect the requirements for the assessment. It is not unusual for organizations to skip this step and move directly to drafting a long list of questions. Organizations conduct third-party assessments to support a purpose. The danger is that without a clear goal, the person writing the questions will pass it around to various people who will, in turn, add questions to it…
Blog 2: Approaching Questionnaires – Decision Orientated Requirements
When thinking about questionnaires, we need to plan what to do with the information. This move to decision-orientated research is far superior to the approach of obtaining data simply for the sake of having more information or expecting an epiphany from the data set. This decision-orientated approach is helpful because it will cut through the inefficiency of collecting data that you have no intention of making any decision on…
Blog 3: The Threshold Levels Needed for Third Party Questionnaires
The final part of requirements is to understand the threshold which must be achieved for each of the elements. We’ve created a simple framework example for pulling together your organization’s requirements for third party questionnaires…
Blog 4: The Recommended Research Process for Formulating Questionnaires
During the research phase, we need to concentrate on determining what information we need to support our decision. This will require some research across the internal organization to find out what we need to make that decision…
Blog 5: The Planning Phase of Building Questionnaires
The next phase is to plan out the questionnaire. The first thing to consider is the survey method. This paper focuses on questionnaire assessments, but there are other survey methods, such as audits, face-to-face interviews, and telephone interviews. Additionally, there will not be just one assessment over the life of the third-party relationship. Once we have established the survey type, we can then think about satisfying the information needs identified in the requirements and research phase…
Blog 6: Writing Clear Questions
In the sixth installment of our Third Party Risk blog series, Alex will be exploring the importance of clear communication for collecting accurate information from your third parties. He will be providing 8 key rules for how to write well-thought-out questions, three of which are exclusive to this series.
Explore the published blogs here:
Additional Third Party Reads:
White Paper: The Secrets of Taming the Monstrous Problem of Third-Party Risk
Data breaches are a growing problem; since 2005, over 10 billion consumer records have been compromised. For large enterprises, each data breach can result in lost revenue of £1.3m. Among the main culprits of data breaches are the third parties that organizations engage to perform key functions within the business. It’s the weaknesses within their infrastructure, and the services they provide, that can often leave you vulnerable.
Increasing Exposure of Third-Party Risks
Brick and mortar business is a thing of the past: physical buildings and conventional employees no longer define an organization. The modern organization is an interconnected mess of relationships and interactions that span traditional business boundaries.
Guest Blog: Managing Risk Across Third-Party Relationships
The physicist, Fritjof Capra, made an insightful observation on living organisms and ecosystems that also rings true when applied to third-party risk management: “The more we study the major problems of our time, the more we come to realize that they cannot be understood in isolation. They are systemic problems, which means that they are interconnected and interdependent.”
It’s Not You, it’s Them: The Importance of Third-Party Risk Management
These third parties can offer a strategic advantage and business value, helping organizations to offer cutting-edge services and focus on their own area of specialization. But they can also present a number of risks that may have a knock-on effect on business, causing issues ranging from temporary service disruptions to complete shut-down.
The Questions you should be asking yourself when managing your Third-Party Risks…
By assessing and tracking the potential risks your suppliers may pose, keeping good records, and ensuring that communication and transparency are paramount, you can lower the chances of encountering risks like those described here.