Third Party Thursday Newsletter - February 9, 2023
We've gathered third-party risk management news and resources that you should check out to be in the know. Take a few minutes out of your busy day to read through the information below.
This week, the FTC seeks rule enforcement under the Health Breach Notification Rule and the CFPB announces a notice of proposed rulemaking. The SEC is close to finalizing rules governing firms’ cybersecurity obligations. And the increase in AI will likely come with regulatory and legal scrutiny.
There’s no shortage of informative industry studies to be aware of this week. A recent SecurityScorecard and the Cyentia Institute study finds that 98.3% of organizations worldwide are working with a third-party vendor who experienced a data breach in the last two years. A recent Gartner survey shares the top four priorities for supply chain organizations. To wrap up, Black Kite’s annual Third-Party Breach Report finds the level of breach impact and destruction doubled in 2022. Be sure to check out the rest of this week’s news.
Check out the recently released content.
eBook: Top 21 Third-Party Risk Management Resources for Beginners
eBook: Top 21 More Advanced Third-Party Risk Management Resources
Blog: How Retailers Can Protect Their Brand With Third-Party Risk Management
Blog: What Is a Medium-Risk Vendor?
On-Demand Webinar: State of Third-Party Risk Management 2023
Whitepaper: State of Third-Party Risk Management 2023
Infographic: 10 Reasons for a Third-Party Risk Budget
Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit www.thirdpartythinktank.com to register and sign in.
- TPRM Staffing Models: "Is there any industry standard information that exists surrounding TPRM staffing models?" Help Answer
- Framework and Implementation: "Our TPRM policy and procedures is approved and we're in the stage of preparing the framework and implementation from the base and looking for input. How should we bucket vendors into categories and how do we create a risk rating matrix?" Help Answer
- Free Software: "Do you perform security reviews on free software before personnel at your organization utilize it?" Help Answer
Risk-Based Vendor Due Diligence: Identifying Scope, Scale, and Documents
Effectively managing third-party risks requires risk-based due diligence tailored to the product or services as well as the level of risk. In this webinar, learn how to identify the right scope and scale for vendor due diligence.
February 21, 2023 | Basic | 2pm ET | Register Now
Vendor Onboarding: How to Do It Correctly
An organization's vendor onboarding process should allow for identification of the right partner and is critical to the success of this future relationship. In this session, learn more about finding new vendors and their subsequent onboarding, including planning, risk assessment, due diligence, contracting, and more.
February 28, 2023 | Intermediate | 2pm ET | Register Now
Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.