Breaches related to vendor or enterprise third-party risk are at an all-time high. Several high-profile breaches, such as those at Uber, Amazon, British Airways and more, have been caused by third parties. Most major security frameworks, guidelines, compliance requirements and regulations have made third-party risk management a mandatory part of the overall security program. The following are the key steps for building an effective third-party risk management (vendor risk management) program.
Create a list of your Third Parties / Vendors
Vendor identification is one of the hardest problems. You can get the list of third parties and vendors in use from procurement, but the harder problem is knowing which vendors are being used by the engineering team and which free tools are being used by marketing. You should definitely ask all the key stakeholders in the organization for their list of vendors. Even if you get a response (which will take a lot of time, and sometimes that time tends to infinity), don't be happy. Here's the second tough problem.