TPRM Awareness, upskill and cross skill

Feb 15, 2024 | Blog

The security world is very diversified, with the majority of organizations practicing defensive security while a few have adopted offensive security as well. Security professionals need to keep abreast of developments in the Third Party Risk Management (TPRM) space, and that requires constant learning and practice. The industry is witnessing a massive dependency on third party products and services, which has resulted in very high associated risks. While companies are gearing up to make TPRM a program or function, there is a shortage of skilled professionals; many practitioners are not aware of the industry's best practices and lack enough practical exposure.

By 2025, a lack of talent or human failure will be responsible for over half of significant cyber incidents, says Gartner.

Engage in knowledge-sharing sessions with other teams involved in third party onboarding.

  • Legal – can help you understand the approach, the standard language, nuances, exceptions, and deviations while drafting or reviewing the contract. Understand how local country agreements (LCA) work as compared to the Master Services Agreement (MSA), and how an addendum saves time when additional contract terms are added
  • Privacy & Healthcare – understand the applicable privacy regulations, requirements, and evaluation methods and incorporate the same during the risk assessment and contract reviews
  • Business – understand the justification behind onboarding the third party: meeting an internal or client requirement, business growth, keeping up with the industry, or trying new technology to explore opportunities
  • Procurement – learn the best practices, life cycle, and types of contracts (partnership, teaming, reseller, sub-contractor, professional, managed services, etc.)
  • Architecture – best practices when reviewing security architectures, and understanding the integration points and technologies that are used.

Refer to and study the different standards and frameworks for implementing third party risk or supply chain risk management, such as NIST SP 800-161, the Shared Assessments framework, NIST CSF, ISO/IEC 27036-1:2021, NIST 800-37, etc.

Study the different security, privacy and health laws and regulations that mandate managing third party risk, such as GDPR, CCPA, PIPEDA, HIPAA, the supply chain acts passed by some European countries (e.g. the German Supply Chain Act), the MITRE System of Trust (SoT) framework, etc.

Enroll in training and plan for certification offered by various organizations such as Shared Assessments, the Association for Supply Chain Management (ASCM), the Third Party Risk Association (TPRA), Advanced Corporate TPRM Training by Defentrix, etc., where you learn:

  • Which TPRM framework (decentralized, centralized, or hybrid) should be adopted and implemented based on the priorities of the organization
  • Impact of laws, standards, and regulations on the due diligence approach
  • Adopting industry best practices to manage operations
  • Evaluating the maturity level of your TPRM program/Function and learning how to increase the maturity of the program

Understand the implications of Environmental, Social, and Governance (ESG) regulations in various industries across geographies from a third party risk standpoint

Register and subscribe to various third party risk forums to keep abreast with the most current topics of discussion and build more connections

Gain Insights and knowledge on trends from research firms such as Gartner and Forrester

Subscribe to threat intelligence news on incidents and breaches caused by third parties from sources such as CSOonline, securityintelligence, etc.
