Why Does Your Company Need a
Third Party Risk Management Program?
Created & Designed by :
Everyone is familiar with the term
“RISK MANAGEMENT”
Society of Cyber Risk Management & Compliance Professionals - Opsfolio.com. Copyright © 2017 by Netspective Communications LLC
Yes!!! It means “attempting to identify and then manage threats” which could severely damage or shut your business down.
Organize: get the right people involved
Collect: get the right data
Analyze: map your risk
Plan: mitigate your risk
Execute: introduce the right tools and processes
Communicate: inform travelers, inform yourself
Audit: keep the program alive and relevant
ARE YOU AWARE of the types of data at risk? Check it out…
Protected Health Information (PHI)
Personally Identifiable Information (PII)
Payment Card Industry (PCI) Transactions
Intellectual Property
10 MAJOR THREATS affecting your mission-critical data
Malware/Ransomware
Computer Virus
Rogue Security Software
Trojan Horse
Computer Worm
Malicious Spyware
Botnet
Spam
Phishing
Rootkit
Most of these threats use “THIRD PARTIES” as their spreading channels.
Unfortunately, depending on third parties is unavoidable. Your business needs software, hardware, internet connectivity, power, and buildings, and it is unlikely that a business will provide all of these itself. This means that businesses must depend on third parties, and with this dependence on third parties comes risk.
Is your company’s welfare and reputation at the mercy of a third party?
If YES, then you are exposed to the consequences below.
Regulatory Fines
Civil Litigation
Loss of Value
Damage to Your Reputation
Market Drift and Competition Shifts
See what these cyber experts say about the need for a TPRM program.
Ryan Stolte
@CyberStolte
CTO & Co-founder of
Bay Dynamics
“Instead of trying to boil the ocean, keeping tabs on every user for every vendor, security teams must hone in on those that access the company’s most valued applications and systems.”
Asher DeMetz
@SungardAS_PTNR
Manager, Security Consulting
Sungard Availability Services
“When it comes to the cyber world, vendors must demonstrate that they understand security and have a mature security program in place, including policies and employee training. The software or hardware would need to be validated with the correct security controls and attestation of security testing, and possibly compliance. If the third party is making configuration changes, these would have to go through proper change-management channels to ensure that they align to the security program and don't introduce risk into the environment.”
Below are the ESSENTIAL ACTIVITIES needed to implement your TPRM Program.
Build a Core Team: Build an initial organization structure and architect a third party solution adapted to the organization’s operational structure.
Complete a Full Inventory: Seek detailed information to build a complete inventory of all third and fourth parties from, at minimum, Procurement, Accounting, International Operations and the Legal departments.
Define a Repository for Contracts Administration: This database is usually held under the supervision of the Procurement function and may already exist.
Define a Standard Contract Template: This template must include, among other clauses, a ‘right to audit’ clause that ensures the outsourcer’s ability to perform a security assessment of its third parties.
Define a Security Requirements Appendix: This will be a mandatory attachment for the standard contract template that will address specific company security requirements that third party service providers must meet.
Identify a TPRM Risk Management Software Platform: Options include leveraging a common system with Procurement for contracts and third party inventory management or using a separate Governance, Risk and Compliance (GRC) platform.
Identify Business Unit Vendor Relationship Managers (VRMs): This individual will be responsible for acting as the third party interface for all communications and ensuring third party performance commitments are met, as well as for maintaining the overall health of the relationship.
Develop TPRM Training Materials: These should be tailored for each of the key stakeholders in the company and used and updated on an ongoing basis.
Develop a Third Party Risk Categorization Process: This is required in order to define, identify and document the risk associated with each of the organization’s third parties, as not all represent the same risk to the company, and to ensure that those third parties that represent the highest risk are focused on first and in the greatest depth.
Develop or Leverage an Existing Issue Management System: This will serve as the repository of all identified third party issues, including the tracking of remediation plan status, as well as documentation of any risk acceptances signed off by the business where remediation will not occur.
Implement the TPRM Program in Phases: Initially focusing on program implementation for new third parties being onboarded can allow the organization to ease into the implementation process and limit the growth of non-compliant, high risk third parties within an organization.
An effective third party risk management (TPRM) program will make your business secure.
Netspective’s Opsfolio Attest provides companies with third-party risk management (TPRM) services that help them identify third-party risks.
Sources:
https://blogs.cisco.com/smallbusiness/the-10-most-common-security-threats-explained
https://sharedassessments.org
https://bryghtpath.com/why-your-company-needs-a-third-party-risk-management-framework/
https://www.bing.com/images/discover?FORM=ILPMFT
https://images.google.com/
Opsfolio Attest services include:
- Current state assessment and gap analysis based on leading practices.
- Assessing and managing risks around third parties and vendors.
- Detailed risk assessment of specified risk parameters.
- Running third-party audit programs across operational, information security, and compliance risk, etc.
- Offering in-depth third-party risk reports.
OKRs
These are the OKRs for this PPT:
1. KR-OCMGH-C-04: Using infographics, images and videos to get better visibility in search engine rankings to increase signups.
2. KR-OCMGH-C-01: 50% increase in followers, likes, shares to increase community membership signups.
Osteoporosis - Definition , Evaluation and Management .pdf
 
The Best Ayurvedic Antacid Tablets in India
The Best Ayurvedic Antacid Tablets in IndiaThe Best Ayurvedic Antacid Tablets in India
The Best Ayurvedic Antacid Tablets in India
 
THERAPEUTIC ANTISENSE MOLECULES .pptx
THERAPEUTIC ANTISENSE MOLECULES    .pptxTHERAPEUTIC ANTISENSE MOLECULES    .pptx
THERAPEUTIC ANTISENSE MOLECULES .pptx
 
NVBDCP.pptx Nation vector borne disease control program
NVBDCP.pptx Nation vector borne disease control programNVBDCP.pptx Nation vector borne disease control program
NVBDCP.pptx Nation vector borne disease control program
 

Why Does Your Company Need a Third Party Risk Management Program? (slide transcript)

1. Why Does Your Company Need a Third Party Risk Management Program?
Created & Designed by :
Everyone is familiar with the term “RISK MANAGEMENT”.
Society of Cyber Risk Management & Compliance Professionals - Opsfolio.com. Copyright © 2017 by Netspective Communications LLC
2. Yes!!! It means “attempting to identify and then manage threats” which could severely damage or shut your business down.
- Organize: get the right people involved
- Collect: get the right data
- Analyze: map your risk
- Plan: mitigate your risk
- Execute: introduce the right tools and processes
- Communicate: inform travelers, inform yourself
- Audit: keep the program alive and relevant
3. ARE YOU AWARE of the types of data at risk? Check it out…
- Protected Health Information (PHI)
- Personally Identifiable Information (PII)
- Payment Card Industry (PCI) transactions
- Intellectual Property
4. 10 MAJOR THREATS affecting your mission-critical data:
- Malware / Ransomware
- Computer Virus
- Rogue Security Software
- Trojan Horse
- Computer Worm
- Malicious Spyware
- Botnet
- Spam
- Phishing
- Rootkit
5. Most of these threats use “THIRD PARTIES” as their spreading channels. Unfortunately, depending on third parties is unavoidable. Your business needs software, hardware, internet connectivity, power, and buildings, and it is unlikely to provide all of these itself. This means that businesses must depend on third parties, and with that dependence comes risk.
6. Is your company’s welfare and reputation at the mercy of a third party? If YES, then you are exposed to the following consequences:
- Regulatory fines
- Civil litigation
- Loss of value
- Damage to your reputation
- Market drift and competition shifts
7. See what these cyber experts say about the need for a TPRM program.
Ryan Stolte (@CyberStolte), CTO & Co-founder of Bay Dynamics:
“Instead of trying to boil the ocean, keeping tabs on every user for every vendor, security teams must hone in on those that access the company’s most valued applications and systems.”
8. Asher DeMetz (@SungardAS_PTNR), Manager, Security Consulting, Sungard Availability Services:
“When it comes to the cyber world, vendors must demonstrate that they understand security and have a mature security program in place, including policies and employee training. The software or hardware would need to be validated with the correct security controls and attestation of security testing, and possibly compliance. If the third party is making configuration changes, these would have to go through proper change-management channels to ensure that they align to the security program and don't introduce risk into the environment.”
9. Below are the ESSENTIAL ACTIVITIES needed to implement your TPRM program.
Build a Core Team: Build an initial organization structure and architect a third party solution adapted to the organization’s operational structure.
Complete a Full Inventory: Seek detailed information to build a complete inventory of all third and fourth parties from, at minimum, Procurement, Accounting, International Operations and the Legal departments.
10. Define a Repository for Contracts Administration: This database is usually held under the supervision of the Procurement function and may already exist.
Define a Standard Contract Template: This template must include, among other clauses, a ‘right to audit’ clause that ensures the outsourcer’s ability to perform a security assessment of its third parties.
Define a Security Requirements Appendix: This will be a mandatory attachment to the standard contract template that addresses the specific company security requirements that third party service providers must meet.
11. Identify a TPRM Risk Management Software Platform: Options include leveraging a common system with Procurement for contracts and third party inventory management, or using a separate Governance, Risk and Compliance (GRC) platform.
Identify Business Unit Vendor Relationship Managers (VRMs): This individual will be responsible for acting as the third party interface for all communications and ensuring third party performance commitments are met, as well as for maintaining the overall health of the relationship.
Develop TPRM Training Materials: These should be tailored for each of the key stakeholders in the company and used and updated on an ongoing basis.
12. Develop a Third Party Risk Categorization Process: This is required in order to define, identify and document the risk associated with each of the organization’s third parties, as not all represent the same risk to the company, and to ensure that those third parties that represent the highest risk are focused on first and in the greatest depth.
Develop or Leverage an Existing Issue Management System: This will serve as the repository of all identified third party issues, including tracking of remediation plan status, as well as documentation of any risk acceptances signed off by the business where remediation will not occur.
Implement the TPRM Program in Phases: Initially focusing on program implementation for new third parties being onboarded allows the organization to ease into the implementation process and limits the growth of non-compliant, high-risk third parties within the organization.
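The categorization process above, together with the third- and fourth-party inventory from slide 9, is easier to reason about with a concrete tiering run. The following Python is an added illustration, not code from the deck or from Opsfolio: the party names, the data classes each handles, the scoring weights and the tier thresholds are all constructed assumptions. It scores each inventoried party on the data it is exposed to (including data forwarded to it by a third party it subprocesses for), on its access to the company's systems and on its business criticality, orders the assessment queue so the highest-risk parties are assessed first and deepest, and flags subprocessors that a third party names but that are not yet in the inventory.

```python
"""Tier an inventory of third and fourth parties by inherent risk.

Added illustration, not from the deck. Party names, data classes handled,
scoring weights and tier thresholds are all constructed assumptions.
"""
from dataclasses import dataclass

# Data classes the deck names as being at risk; the weights are an assumed scale.
DATA_WEIGHTS = {"PHI": 3, "PCI": 3, "PII": 2, "IP": 2}
# Level of access the party has to our own systems; assumed scale.
ACCESS_WEIGHTS = {"none": 0, "read": 1, "write": 2, "admin": 3}
# Score floors (assumed) and the assessment depth each tier earns.
TIERS = ((6, "Tier 1"), (2, "Tier 2"), (0, "Tier 3"))
ASSESSMENT_DEPTH = {
    "Tier 1": "full security assessment, right-to-audit exercised, annual",
    "Tier 2": "questionnaire plus evidence review, annual",
    "Tier 3": "self-attestation at onboarding and on contract renewal",
}


@dataclass(frozen=True)
class Party:
    name: str
    data_types: frozenset          # data classes we hand to this party directly
    access: str                    # key into ACCESS_WEIGHTS
    subprocessors: tuple = ()      # fourth parties this party passes our data to
    critical: bool = False         # would its outage stop a business process?


def senders_to(name, inventory):
    """Every inventoried party whose data flows reach `name`, transitively."""
    seen, stack = set(), [name]
    while stack:
        current = stack.pop()
        for party in inventory.values():
            if current in party.subprocessors and party.name not in seen:
                seen.add(party.name)
                stack.append(party.name)
    return seen


def effective_data(name, inventory):
    """Data classes a party is exposed to: its own plus what upstream parties forward.

    This is the fourth-party point: a subprocessor that never signed our contract
    still holds whatever its customer (our third party) passes along."""
    data = set(inventory[name].data_types)
    for sender in senders_to(name, inventory):
        data |= inventory[sender].data_types
    return frozenset(data)


def inherent_score(name, inventory):
    party = inventory[name]
    data = max((DATA_WEIGHTS[d] for d in effective_data(name, inventory)), default=0)
    return data + ACCESS_WEIGHTS[party.access] + (2 if party.critical else 0)


def tier(name, inventory):
    score = inherent_score(name, inventory)
    return next(label for floor, label in TIERS if score >= floor)


def assessment_queue(inventory):
    """Highest inherent risk first, so Tier 1 parties are assessed first and deepest."""
    rows = [(n, tier(n, inventory), inherent_score(n, inventory)) for n in inventory]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def inventory_gaps(inventory):
    """Fourth parties named as subprocessors but missing from the inventory."""
    named = {s for party in inventory.values() for s in party.subprocessors}
    return sorted(named - set(inventory))


# Constructed sample inventory (fictional parties).
INVENTORY = {p.name: p for p in (
    Party("ClaimsPortal Inc", frozenset({"PHI", "PII"}), "write",
          subprocessors=("CloudHost Co",), critical=True),
    Party("CloudHost Co", frozenset(), "none"),          # only sees data via ClaimsPortal
    Party("PayGate", frozenset({"PCI"}), "read",
          subprocessors=("DataLake Analytics",), critical=True),
    Party("Printshop", frozenset({"PII"}), "none"),
    Party("Office Plants LLC", frozenset(), "none"),
)}

if __name__ == "__main__":
    for name, label, score in assessment_queue(INVENTORY):
        print(f"{score:>2} {label} {name:<18} {ASSESSMENT_DEPTH[label]}")
    print("not yet inventoried:", inventory_gaps(INVENTORY))
```

Two things the run shows that the slide text does not: CloudHost Co hands over no data of its own and has no access, yet lands in Tier 2 because ClaimsPortal forwards PHI and PII to it, and DataLake Analytics surfaces as an inventory gap that the "complete a full inventory" step still has to close before the party can be scored at all.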
13. An effective third party risk management (TPRM) program reduces the risk that your third parties introduce to your business. Netspective’s Opsfolio Attest provides companies with third-party risk management (TPRM) services that help them identify third-party risks.
14. Sources:
- https://blogs.cisco.com/smallbusiness/the-10-most-common-security-threats-explained
- https://sharedassessments.org
- https://bryghtpath.com/why-your-company-needs-a-third-party-risk-management-framework/
- https://www.bing.com/images/discover?FORM=ILPMFT
- https://images.google.com/
Opsfolio Attest services include:
- Current state assessment and gap analysis based on leading practices.
- Assessing and managing risks around third parties and vendors.
- Detailed risk assessment of specified risk parameters.
- Running third-party audit programs across operational, information security, and compliance risk, etc.
- Offering in-depth third-party risk reports.
15. OKRs. These are the OKRs for this PPT:
1. KR-OCMGH-C-04: Using infographics, images and videos to get better visibility in search engine rankings to increase signups.
2. KR-OCMGH-C-01: 50% increase in followers, likes, shares to increase community membership signups.