Third Party Thursday - June 22, 2023

Did you get to enjoy the longest day of the year (for sunlight) yesterday? Have more time today to catch up with vendor risk management news, resources, and upcoming webinars? Check it all out below in one easy spot!

It’s more important than ever to manage third-party risk! Ramifications from the massive MOVEit file transfer breach are still unfolding. The Department of Justice is even offering a reward for information about the group responsible. There are great lessons to be learned on managing the risks that come with third parties to prevent data breaches. Sometimes, you must start at the beginning and simply identify who those third parties are! Even third-party APIs pose risks to your organization that must be mitigated.

Good third-party and cybersecurity risk practices are important, no matter what industry you’re in. Healthcare organizations are frequent targets for breaches and cryptocurrency organizations are facing legal and financial risks. Even a DNA testing company is in trouble with the FTC for its data practices. And, as ESG moves to the forefront for many organizations, the legal risks are also increasing with greenwashing lawsuits. There’s much more to read about this week, so be sure to check it all out!

Read More

On-Demand Webinar: How to Review Your Vendor's Business Continuity, Disaster Recovery, and Pandemic Plans

Blog: MOVEit Ransomware Breach: Third-Party Risk Management Next Steps

Template:?Third-Party Risk Management Policy

Blog: Third-Party Risk Management Principles to Follow for Cybersecurity Regulatory Compliance

Blog: The Difference Between a Vendor Contract and a Service Level Agreement (SLA)

Whitepaper: Vendor Risk Management: 2023 SEC Examination Priorities and Cybersecurity and Resiliency Observations Reports

Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit?www.thirdpartythinktank.com to register and sign in.

• Remote Assistance to Clients: "Our organization uses TeamViewer for the purpose of remotely assisting our clients with troubleshooting issues and training on online banking. Should we consider TeamViewer as having access to our clients' nonpublic personal information (NPI)?"?Help Answer
• Relocation Vendors: "We're in a Value Stream Mapping session and relocation vendors came up. These are vendors who reimburse our organization for all or a portion of the closing fees associated with an employee relocating at their employer's request. Does anyone have experience with these?"?Help Answer
• Vendors Outside the U.S.: "What do you use for reputation reviews of vendors who are located outside the United States?" Help Answer

Creating an Effective Vendor Document Collection Process

Collecting vendor information and documentation is essential to the due diligence process. However, this process can be extremely challenging. Join us for this webinar where we'll provide guidance surrounding the information and documents you should gather based on the vendor's level of risk.

June 27, 2023 | Basic | 2pm ET | Register Now

How to Classify Who Is a Critical Vendor

Identifying your organization's critical vendors is required by regulators, auditors, and is a best practice. Register for this session to learn the necessary criteria for identifying critical vendors as well as how to manage these vendors once they've been identified.

July 11, 2023 | Basic | 2pm ET | Register Now

Vendor Exit Strategies and Plans: Managing the Offboarding Process Safely and Effectively

Establishing a realistic and achievable exit plan for your vendors is mandatory to ensure that the relationship is wound down safely and soundly. Join us for this webinar to learn important elements of a vendor exit strategy.

July 25, 2023 | Intermediate | 11am ET | Register Now

Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.