Do you really know your third party providers?
Jay Crossland
How to identify and evaluate third-party providers
Crossland Advisors, Inc. http://crosslandadvisors.com/ 610-365-4852 Copyright © 2020

Do You Really Know Your Third-Party Providers?

Almost every organization has at least one, if not a multitude, of third-party vendors providing various services or goods that are critical to daily operations. Does your organization know:

• All of the third-party providers being used?
• The services or products being provided?
• Key provider contacts?
• Key organization liaisons for each provider?
• Contractual obligations with each provider?
• Service level agreements for each provider?
• The financial viability of each provider?
• The controls implemented by each provider and the operating effectiveness of those controls?
• The risks to the organization?

The Definition

The simple definition of a third-party provider is any vendor that is performing a service or providing a product that could be performed or produced internally if the required resources were available. Examples would be consultants, contractors, IT services, claims processing, and other outsourced production or services. Products and services such as office supplies and utilities are not considered third-party providers.

The Population

While it may seem easy to identify all of the third-party providers being used throughout the organization, it can be a challenge. Initially, request a list of third-party providers (using the established definition) from each area of the organization. To make sure all third-party providers are identified, request a listing of all vendor payments for the past twelve (12) months from Accounts Payable. Using the established third-party provider definition, confirm the population of third-party providers being used throughout the organization.

Filling in the Details

Using the verified population of third-party providers, create a database listing the details for each, such as:

• Products or services being provided
• Provider contacts
• Assigned organization liaison
• Contract terms
• Service level agreements
• Last risk assessment
• Required provider documentation (e.g. SOC reports, Shared Assessment/SIG, Agreed Upon Procedures)
• Evaluation frequency

The Risk Assessment

An effective third-party provider management process includes each provider being evaluated based on a number of key categories. Common risk categories are:

• Operational
• Financial
• Reputational
• Regulatory
• Security and Privacy
• Business Continuity
• Geographic

Each provider should be assigned a risk ranking based on these categories. A weighted scoring process is typically used to assign a risk ranking. The weighted scoring will vary based on the type of organization and industry. Smaller organizations may be highly dependent on third-party providers and therefore may assign more weight to certain risk categories such as operational and business continuity. Organizations in healthcare and finance will most likely need to assign more weight to regulatory risk, security and privacy. The risk ranking should be used to determine the frequency of subsequent evaluations and required provider documentation (e.g. SOC reports, Shared Assessment/SIG, Agreed Upon Procedures).

The risk assessment should result in each third-party provider being assigned to a risk tier. Common risk tiers are:

• Critical
• High
• Medium
• Low

Since the products or services being provided by the third party are an extension of the organization, there should be an expectation that the third-party provider will have at least the same level of controls (operational, financial, reputational, regulatory, security/privacy, business continuity) as if those products or services were produced or performed internally.

Re-Evaluation Frequency and Procedures

The risk tier assignment from the risk assessment normally determines the re-evaluation frequency; however, unplanned events could accelerate or delay a re-evaluation. Typical re-evaluation frequencies are:

• Critical – quarterly or semi-annually
• High – semi-annually or annually
• Medium – annually or every two years
• Low – every two or three years

The re-evaluation process should include:

• Confirming the products or services being provided
• Confirming provider contacts
• Confirming the assigned organization liaison
• Confirming contract terms and service level agreements
• Analyzing financial viability
• Obtaining and reviewing required provider documentation (e.g. SOC reports, Shared Assessment/SIG, Agreed Upon Procedures)
• Performing a new risk assessment
• Reviewing the controls implemented by each provider and the operating effectiveness of those controls

New Third-Party Providers

The new third-party evaluation process should be rigorous to make sure the organization is not taking unnecessary risks; due diligence is crucial. Ideally, the new third-party evaluation process should be completed before any contractual agreements are executed. Each new third-party provider should be added to the population database along with all pertinent information. A risk assessment and all re-evaluation procedures listed above should be completed as part of the evaluation process and prior to executing any contracts. This provides the organization with the information needed to make a final decision.

While it may be prudent to use third-party providers, always remember that YOU OWN THE RISK! Therefore, identifying, understanding and evaluating the third-party provider risks is critical to the organization.

Related article: Evaluating Service Organization Control Reports
https://www.slideshare.net/JayCrossland/evaluating-service-organization-control-reports-76805927

Crossland Advisors provides IT risk and control services to a number of industries, including:

• Manufacturing
• Pharmaceuticals
• Healthcare
• Financial Services
• Insurance
• Government
• Retail
• Utilities

Our extensive experience allows us to develop real world solutions to complex challenges. We use a process-focused risk-based approach and are able to relate leading practices and improvements to understand, anticipate and address a wide variety of information system risk and process issues. Crossland Advisors is ready to work with you to satisfy your IT risk and control needs.