
Supplier Assurance During COVID-19

  1. Supplier Assurance Has Never Been More Important During Uncertain Times 14th April 2020
  2. Who are we? Alex Hollis, VP GRC Services, SureCloud (Alex.hollis@surecloud.com); Matthew Davies, Product Marketing Director, SureCloud (Matthew.davies@surecloud.com)
  3. Agenda • Third Party Risk Management Checklist • What should you be asking your suppliers now? • Why your fourth parties are so important • Embedding your risk & control culture in your suppliers • Using technology to enhance your program • Q&A
  4. Third Party Risk Management Checklist
  5. Third Party Risk Management Checklist • Central list of your vendors • Identify critical vendors • Link vendors to business assets • Prioritise vendors based on budget and time • Assess vendors www.surecloud.com © 2020 SureCloud. All rights reserved.
  6. Third Party Risk Management Checklist • Central list of your vendors • Identify critical vendors • Link vendors to business assets • Prioritise vendors based on budget and time • Assess vendors. But don’t worry if you haven’t operationalised these processes: in a recent TPRM survey, most firms are yet to automate inventory updates, and 89% of organisations are still relying on manual processes to support their TPRM program.
  7. What should you be asking your suppliers now?
  8. What should you be asking your suppliers now? • Affected services or products • Fourth parties • Service/product locations • TPRM assurance • Remote working • Continuity & recovery planning • Risk management
  15. Why your fourth parties are so important
  16. Security breaches from 3rd and 4th parties. RSA Security: • April 2011 – via a recruitment company and xls file • Tens of millions of SecurID hardware tokens would have to be re-issued to clients. British Airways: • September 2018 – via online payment forms • Approximately 380,000 transactions were affected and a proposed fine of £183m
  17. Why are fourth parties important? (Diagram: Your Organisation)
  18. Why are fourth parties important? (Diagram: Your Organisation; Third Party Vendor ×2) • What if your third party is also working with multiple third parties to provide your services?
  19. Why are fourth parties important? (Diagram: Your Organisation; Third Party Vendor ×2; 4th Party Vendor ×6) • Fourth parties can infiltrate a company’s data through the third party relationship • Fourth party risks can arise from contractors, consultants and other vendors working with your third-party vendor
  24. How to address fourth parties? • Targeted questions of your third parties to understand their fourth parties • Work actively with your third parties to request information and get a full understanding of the fourth parties involved • Review your third parties’ own TPRM policies and practices • Require your third parties to contractually commit to notifying you prior to contracting with a fourth party vendor • Identify trends in fourth parties and conduct onsite audits if possible
  25. Embedding your risk & control culture in your suppliers
  26. Embedding your risk and control culture in your suppliers. Current Situation: • Organisations are conducting point-in-time assessments, which are often regulatory focused. Changing the mindset: • Embed your organisation’s risk and compliance processes into your suppliers • Actively incentivise suppliers to report risk and compliance data • Document and manage the risks and controls that occur from your supplier relationships • Track and assign remediation activities to your suppliers
  27. Using technology to enhance your program
  28. Using technology to enhance visibility of your vendors. Current Situation: • Your organisation’s third party risk management program/solution isn’t integrated into the wider organisation. How to enhance your program: • What existing technology do we have that will provide us with greater insight? • What other technology will provide us with better insight?
  29. Technology you can leverage • What existing technology do we have that will provide us with greater insight? • What other technology will provide us with better insight? • Incident Data • IT Assets • Contract Data • Risk and Compliance Data • Financial Stability Data • Cyber Risk Rating • Regulatory Data • Corruption Perceptions Index
  30. Q&A
  31. Introducing SureCloud's Complimentary Supply Chain Solution. With the free solution you can: 1. Document key processes and assets 2. Document your key 3rd and 4th parties 3. Directly assess your supply chain 4. Contribute to a global insight report 5. Define and manage both issues and exceptions 6. Report results via intuitive dashboards. https://info.surecloud.com/free-supply-chain-solution Upcoming Webinar: How to Understand and Build the Resilience of your Supply Chain
  32. Get in touch. Carry on the conversation... @surecloud, alex.hollis@surecloud.com, matthew.davies@surecloud.com
  33. Thank you www.surecloud.com sales@surecloud.com

Editor's Notes

  1. AH – First (Background) MD – Second (Background)
  2. AH – Walkthrough. FYI – we are all remote
  3. AH – Checklist. Key starters for 10. Matt revalidate. And add start to targeted question sets & link to tier or value of contract
  4. MD – do. Highlight
  5. MD – lead. AH – add (future services) as nature changes
  6. MD – Lead. AH – either move on or add
  7. MD – Lead. AH – either move on or add
  8. MD – Lead. AH – either move on or add
  9. MD – Lead. AH – either move on or add
  10. MD – Lead AH – either move on or add
  11. MD – Lead AH – either move on or add
  12. AH – Lead this
  13. MD – Lead
  14. MD – Lead
  15. MD – Lead. AH – example: Marketing Agencies – Freelance; IT Provider – Services; Consulting Firms – Specialist Staff; SaaS providers – Infrastructure and Libraries
  16. AH – Lead
  17. AH – Lead
  18. AH – Lead
  19. AH – Lead
  20. AH – Lead. Matt Comment – point 3 – good comms and relationship with vendors. AH – Ask Matt (Level of Trust): do you need to pay for trust? Size: one man band vs large service company. If it's too good to be true it normally is. Ask for references
  21. MD/AH – discuss "As is". AH – this wasn't designed for where we are today, e.g. cloud. MD points – Accountable & report things into group risk? How does this happen? Telling you about Risk
  22. AH – lead
  23. AH/MD. Alex lead. MD comments more informed