Today’s digital supply chain ensures that data being a valuable asset, must be protected, secured, managed with care and stored according to corporate policies, regulatory compliance requirements and legal mandates.
The varied business functions forces many enterprises to outsource some of the activities to a third party. However such enterprises are still held accountable for not only for their own activities but also for their outsourcing partners, suppliers, business partners etc.
Enterprises make vague assumptions that security standards are consistently followed across its geographically dispersed business units and data centers. Malicious hackers attack the lesser secure third party to grab sensitive data using such third parties as backdoors to the parent enterprise’s data centers.
Our best practices for addressing third-party vendor risks include the following:
- Having strong governance controls in terms of assessing partners
- Educating the business owners so that risk assessment is incorporated at the beginning of every partner/supplier engagement, instead of having this treated as a “checkbox” assessment.
- Tiering vendor risk assessment standards and practices according to the security profile of the data and systems that is shared.
- Automating the policies and business processes for risk assessment to ensure consistent enforcement and legal defensibility.