Third Party Thursday - September 26, 2024

Happy first full week of fall! ?? As the weather cools down, cozy up with the latest edition of Third Party Thursday to read through third-party risk management news, educational resources, and so much more.

?As third-party IT risk becomes a bigger priority for CISOs, it’s helpful to know how to assess and mitigate it. Organizations can use best practices to manage third-party cybersecurity risks, including creating a third-party inventory and using threat intelligence. It can also be useful to understand what a supply chain attack is and how it can impact your organization.

The upcoming Digital Operational Resilience Act and Network and Information Systems Directive both emphasize the importance of supply chain risk management for organizations in the European Union. The U.S. Department of Justice updated guidance to include new technologies like artificial intelligence by adding 10 questions for organizations to consider. Industries like trucking and logistics should also consider investing in third-party risk management so they can be better positioned for long-term partnerships. Read all of this week’s third-party risk management news.

Read More

eBook:?A Guide to Ongoing Monitoring in Third-Party Risk Management

Blog: Overview of a Third-Party Risk Management Framework

Blog: Broker-Dealers Third-Party Risk Management Regulatory Requirements

On-Demand Webinar:?How to Classify Who Is a Critical Vendor

Podcast: The 3 Vendor Risk Management Frameworks

On-Demand Webinar: Mastering Vendor Tiering: The Critical Role of Compliance in Third-Party Risk Management

Additional Resources:

• Infographic: Benefits and Best Practices of Mid-Term Vendor Contract Reviews
• Press Release: Ncontracts acquires Venminder via Hg buyout
• Blog: When to Request a Vendor SOC 1 vs SOC 2 Report
• On-Demand Webinar: Who Should Be Involved in Third-Party Risk Management
• Blog: Advocating for a 2025 Third-Party Risk Management Budget
• Blog: Differences Between a Vendor's Disaster Recovery and Business Continuity Plans
• eBook: How to Plan Your Third-Party Risk Management Budget Using Roadmaps
• Blog: Creating an Effective Vendor Contract Management System
• On-Demand Webinar: The Difference Between Inherent and Residual Vendor Risk
• Blog: Third-Party Risk Management Highlights From the FFIEC Development, Acquisition, and Maintenance Booklet

View All Resources

Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit?www.thirdpartythinktank.com to register and sign in.

• Contract Signers: "Does anyone verify if the signers of the contract are authorized to sign the contract? If so, does the vendor management team (centralized program) verify or does the department head (decentralized) verify who is authorized to sign the contract?"?Help Answer
• Contract Exceptions: What method is used to formally track exceptions from a third-party agreement?" Help Answer
• Beneficial Ownership: "How many organizations collect beneficial ownerships information in the inherent risk assessment/intake form when onboarding a vendor?" Help Answer

Third-Party Risk Management Bootcamp

In this three-day virtual bootcamp, industry experts will cover an in-depth look at the third-party risk management lifecycle, vendor risk management best practices, fourth-and nth-party vendors, vendor financial health, AI risk, and much more. Grab your camping chair and save your seat today.

October 1-3, 2024 | Basic | 1pm ET | Register Now

Staffing Your Third-Party Risk Management Program

Third-party risk management programs often struggle with understaffing, hindering their ability to function optimally. In this session, we'll discuss the factors your organization must consider to appropriately staff your third-party risk management function.

October 15, 2024 | Intermediate | 2pm ET | Register Now

Understanding the Elements of Your Vendor's Cybersecurity Program

In today's world, cyberattacks and data breaches are becoming more common, so it's essential to understand the cybersecurity program of your vendors. In this session, we'll discuss vendor cybersecurity posture and its importance, what you should be requesting and reviewing from your vendors, and more.

October 24, 2024 | Basic | 11am ET?| Register Now

Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.