Third-Party Incident Management
Organizations often find themselves struggling to gain a thorough understanding of the length and breadth of an incident or breach at their third party and the type of impact on their organization. The impact can only be calculated when there is good enough data that...
Determination of the Maturity Level of the TPRM Program
Organizations that do have a TPRM program are at times unable to accurately determine the maturity level of the program. It is imperative to evaluate the maturity level to understand the deficiencies, short comings, operational risk, strategic risk, and optimal...
Don’t be shy of using available security rating tools
Security Ratings by definition, are produced by monitoring the internet space for information relevant to an organization’s internet exposed assets. There are many players in the industry that offer security rating tools (Security Scorecard, BitSight, Fortify Data,...
Risk Articulation in TPRM
Risks identified (Inherent & Residual) need to be well articulated so the recipients find the right justification and reason to be called a risk. Lack of proper articulation often results in pushing back. A lack of control opens the door to risks, but what it may lead...
Recommended Guidelines for Effective Third-Party Contract Reviews and Negotiation
TPRM security assessment is followed by recommending appropriate and necessary clauses to the contract that finalizes the onboarding, once agreed upon by both sides. Contracts may at times reveal more information that was perhaps missed during the assessment scoping....
Co-ordination and Knowledge transfer (KT)
TPRM operations, when done in the right way by factoring all angles, become an activity involving multiple teams following multiple approaches, processes, SOPs, and SLAs. In my experience, conclusive data and information are crucial for all teams to work in tandem....