Third Party Thursday - October 3, 2024

It's October and you may know what that means... Happy National Cybersecurity Awareness Month! Take a few minutes out of your busy day to check out third-party risk management industry news, educational resources, and much more below!

A vulnerability in a third-party application was exploited, forcing a cloud-hosting provider to take some dashboards offline. Using steps like inventorying third parties and identifying criticality can help organizations mitigate third-party risks. In healthcare, using vendor risk management measures, like ongoing monitoring and contract management, can assist with managing risks.

It's recommended organizations review how third parties apply updates, as outages like CrowdStrike’s can occur. Experts also recommend reviewing business continuity plans and third-party service level agreements. The National Institute of Standards and Technology (NIST) updated its password guidelines, including removing the requirement to use a mix of character types. Catch up on this week’s third-party risk management news below.?

Read More

Whitepaper: State of Third-Party Risk Management 2024

Infographic:?What Vendor Documents are Needed to Assess Business Continuity and Disaster Recovery

Article:?Optimizing Your Vendor Risk Management Budget Resources

Blog: Third-Party Data Protection: Are Your Vendors Prepared?

eBook: Mini Vendor Risk Management Handbook

Blog:?Advice for Compliance: How to Foster Productive Business Relationships

Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit?www.thirdpartythinktank.com to register and sign in.

• Beneficial Ownership: "How many organizations collect beneficial ownership information in the inherent risk assessment/intake form when onboarding a vendor?" Help Answer
• How to Create Procedural Documents: "I'm in the process of creating procedural documentation of our vendor management practices. We have a brief vendor management policy that outlines necessary outcomes of each phase. How should I begin to approach procedures that are aligned to this policy?" Help Answer
• Product Reputation vs Vendor Reputation: "Are there any resources to research product reputation? What if a vendor has many products and some products are better than others?" Help Answer

Staffing Your Third-Party Risk Management Program

Third-party risk management programs often struggle with understaffing, hindering their ability to function optimally. In this session, we'll discuss the factors your organization must consider to appropriately staff your third-party risk management function.

October 15, 2024 | Intermediate | 2pm ET | Register Now

Understanding the Elements of Your Vendor's Cybersecurity Program

In today's world, cyberattacks and data breaches are becoming more common, so it's essential to understand the cybersecurity program of your vendors. In this session, we'll discuss vendor cybersecurity posture and its importance, what you should be requesting and reviewing from your vendors, and more.

October 24, 2024 | Basic | 11am ET?| Register Now

Using SLAs and KPIs for Effective Vendor Performance Management

Vendor performance is an essential part of third-party risk management, and SLAs and KPIs are valuable tools in the performance management process. In this informative session, we'll provide an overview of the vendor performance management process, how to monitor and manage performance, and more.

November 5, 2024 | Intermediate | 2pm ET | Register Now

Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.