Third Party Risk Management

Software Supply Chain Risk Management: Leveraging Standards to Communicate Expectations

Posted: 10/26/2018 - 00:41
Growing concerns related to dependencies on software-reliant information communications technology (ICT) and Internet of Things (IoT) devices are pushing changes in governance associated with supply chain risk management (SCRM). The possibility of disruption exists because the software that enables critical capabilities is vulnerable and exploitable. Exploit potential is often more about the vulnerability of assets in target organizations than the ingenuity of the attackers.

Right-Sizing Your Third-Party Risk Management Program

Posted: 06/27/2018 - 01:43

Third-party risk management is worth doing well—not only to protect your institution’s reputation, resources, and customers, but also because third-party risk management is part of safety and soundness exams. The effectiveness of a third-party risk management program is seen as an indicator of overall management capabilities. The design of third-party risk programs varies across institutions. 

There can be differences in:

The Importance of Participatory Compliance with Your Critical Vendors

Posted: 05/26/2018 - 01:22
Actively participate in anticipatory compliance activities to monitor risk.

In a recent interview for a technical blog, I mentioned that I heard keynote speaker former U.S. Attorney General John Ashcroft (at the 2016 Securities Industry and Financial Markets Association’s (SIFMA) Internal Auditors Society conference) reference that organizations should prepare to adopt what he called “anticipatory compliance.” This concept involves outsourcers being able to demonstrate that they are actively anticipating, studying and acting on perceived threats (cyber and otherwise) both internally and with their outsourced business partners.

The Power of Collaboration

Posted: 05/12/2018 - 00:02

MeMbers of rMA’s Third-Party Risk Management Round Table are experienced leader-practitioners, individually and collectively creating emerging best practices in third-party risk management. As the round table’s facilitator, subject matter expert, and member of the Steering Committee, it’s exciting and rewarding for me to be integral to this evolution.

Pages

Subscribe to RSS - Third Party Risk Management