An ever-growing area of concentration in risk management is identifying and mitigating the risks that third parties introduce to an organisation – and, perhaps equally important, ensuring that third parties don’t introduce unmeasured risk.
One might think that third-party governance systems, sometimes used for vendor assessments, could be used to manage the identity and access management aspects of the vendor relationship. However, most security vendors do not consider identity to be part of third-party management.
Today, it’s common practice for risk management teams to assess a third party’s risk controls by evaluating responses to a Standardised Information Gathering (SIG) questionnaire. Unfortunately, these vendor security assessments based on SIG answers may give the organisation false confidence in a vendor’s actual security posture.
In addition, onboarding processes are usually automated for employees but are highly manual for third-party users.
This white paper explores and outlines why, to manage third-party risk effectively, organisations require a purpose-built, scalable solution that improves the granularity, transparency, consistency and agility of their third-party risk management programme.