- Mihir Joshi ( DSP BlackRock Investment Managers)
- Manoj Kuruvanthody (Infosys)
- Prateek Mishra (IDBI Federal Life Insurance)
- Vikas Yadav ( Max Life Insurance )
- Rajiv Nandwani (Innodata Inc.) [moderator]
- Third Party- Types of Risks
- Business/Financial Risk - Risking the business and revenue due to third party interference
- Relationship Risk: Jeopardizing the relationships with several customers and vendors
- Operational Risk: Risk of the operations getting disrupted
- How to Map out list of vendors, coverings all the risks involved & evaluating the vendors?
- Categorizing Vendors on the basis of
- Amount of data shared
- Amount of money invested
- Criticality of vendors, and hence calculating Quantitative Risk Value
- Performing Sample Audit on vendors at regular intervals
- Using Technology like VDIM to reduce risks from third party vendors, making sure data doesn't flow out.
- Categorizing Vendors on the basis of
- Fourth Party Discovery Process: Though it's a gray area, but there are few ways to discover breaches due to Fourth Party
- Including a fourth party questionnaire in your due diligence process, before beginning relationship with the third party at the actual time of incident
- Including a fourth party questionnaire in your due diligence process, before beginning relationship with the third party at the actual time of incident
- Regular Monitoring of Third Parties including Breach, if any
- Specifying breach lubrication clause in contracts/Agreements with Vendors
- Inclusivity: Rather than being a supervisor on vendors, be an adviser for its security assessment.
- Continuous vendor risk management risks solutions can be implemented. Example: Firecompass, Bitsight.
- In a nut shell, it can be concluded that,
- Well-documented contracts/agreements plays a vital role in third & fourth party risk assurance
- Regulatory compliance needs to be mentioned in contracts
- Business Unit must have a Third Party Risk Management Framework in place
- Tools like DRM, sample audit can be handy in identifying 3rd and 4th Party Risks
Would you like to share your key learning ? Sign Up and write a blog ! It's free
Comments