Revisiting Third-Party Risk in the Pandemic Era

Mary Breslin
Author: ISACA
Date Published: 19 May 2021

Pandemic-driven disruption has drastically changed the way most organizations conduct business, and that includes third-party vendors upon which many companies heavily rely.

In her session, “Monitoring Third-party Risk After Worldwide Disruption and Change,” this month at the ISACA Conference North America, Mary Breslin, partner, Verracy, said there are several important questions about vendors that need to be addressed now, including:

  • What have they had to change?
  • What has been outsourced in the last 18 months? What has been insourced?
  • Have the changes impacted the ability to provide their services?
  • Have they re-assessed their risks?
  • Can other organizations provide their services?
  • Have you changed how you use your third parties, and is that changing the risk of the relationship?

It can be worthwhile for IT and compliance professionals to consider how their own organizations have evolved during the past year and understand that those sweeping changes likely also apply to vendors.

“Every company you interact with, every third party that touches you, their business is going through the same stuff, and all of them are handling them to different degrees of effectiveness,” Breslin said.

Breslin said those who manage vendor relationships should be on the lookout for increased signs of risk in the relationship, such as a decline in the vendor’s financial condition, proper security controls no longer being in place, the third party receiving an increased volume of customer complaints due to poor service levels, and the vendor not meeting service-level requirements.

Breslin said it is important to pay special attention to the pandemic’s impact on critical vendors that could cause your business to fail if something went awry.

Cybersecurity risk involving vendors was a top risk even before the pandemic and has become even more acute now given the swift, widespread adoption of remote work, Breslin said. She said focusing on areas such as how vendors access your network and whether their employees are trained on security awareness can help reduce the cyber risk in the relationship.