How to Select a Third-Party Risk Management Framework in 2019

Table of contents

  1. What is third-party risk management (TPRM)?
  2. Why do I need a third-party risk management framework?
  3. How do I select a third-party risk management framework?
  4. Is my business liable for third-party breaches?
  5. Is my organization liable for third-party breaches if we are not in financial services?
  6. What are the best practices for a third-party risk management framework?
  7. How UpGuard can help you reduce your third-party vendor risk

What is third-party risk management (TPRM)?

Why do I need a third-party risk management framework?

How do I select a third-party risk management framework?

Is my business liable for third-party breaches?

Is my organization liable for third-party breaches if we are not in financial services?

What are the best practices for a third-party risk management framework?

  1. Take inventory of all third-party vendors your organization has a relationship with
  2. Catalog cybersecurity risks that the counterparties can expose your organization to
  3. Assess and segment vendors by potential risks and mitigate risks that are above your organization’s risk appetite
  4. Develop a rule-based system to assess future vendors, and set a minimum acceptable hurdle for the quality of any future third parties, in real time, by reviewing data security and independent reviews
  5. Establish an owner of vendor risk management and all other third-party risk management practices
  6. Define three lines of defense, including leadership, vendor management and internal audit:
     • The first line of defense — functions that own and manage risk
     • The second line of defense — functions that oversee or specialize in risk management and compliance
     • The third line of defense — functions that provide independent assurance, above all internal audit

How UpGuard can help you reduce your third-party vendor risk

https://www.upguard.com — UpGuard combines third-party security ratings, vendor questionnaires, and threat intelligence in a single cyber risk solution.