Organizations now have more choices available than ever before when it comes to outsourcing information management and IT resources to third party vendors. Cloud computing and everything-as-a-service are becoming more popular, and business units in an organization are choosing to conduct more projects with third parties. In an environment where third party services are seemingly easy to use and quick to deploy, an organization’s liability and risk landscape can increase rapidly and with limited oversight.
Governance of third party vendors, assessment of risk, and remediation of unacceptable risks are critical to protecting an organization’s reputation, business, and customers. IT Security, Legal, and Finance all play an important role in identifying third party vendor projects involved in accessing and managing an organization’s sensitive data. IT Security has a responsibility to assess the risk of third party vendor projects and to ensure that the highest risks are addressed.
ITpolicycompliance.com recently published a report on best practices for Vendor Risk Management, and here are some of the key findings:
What are the business and security benefits of managing third party vendors?
- Reduced data loss
- Reduced audit deficiencies
- Reduced internet security threats
- Reduced liability
- Reduced costs
- Reduced business downtime
What are the attributes of the organizations who are strong at third party vendor management?
- Understand the risks involved in third party vendor management of an organization’s sensitive information or IT resources
- Proactively gather and assess critical information about third party vendors and their projects
- Maintain well-defined and automated processes to manage new and existing third party vendors
What are the attributes of the organizations who are weak at third party vendor management?
- Do not understand the risks involved in third party vendor management of an organization’s sensitive information or IT resources
- Lack vendor management processes
You can download the full report at www.itpolicycompliance.com