As we know, reliance on a rather long and complex supply chain of third-party vendors is growing. Third parties help organizations attain their strategic objectives by increasing revenues, reducing costs, and expanding the customer base. They can also enhance competitiveness, provide opportunities to diversify, and strengthen security and compliance by transferring risks. However, they reduce a company's direct control and thus increase the overall information security risk, especially during the pandemic, while most of us are working remotely.
The question is how much to trust third-party vendors and on what basis. Is it sufficient to give the vendor a 500-question questionnaire at the time of signing the contract? What is the most efficient way to assess vendor risks? What about the vendor side? How can we reduce vendor pain points and coach vendors to raise their security controls to the expected level?
This presentation aims to answer the above questions through practical use cases and real-life scenarios, providing experience-based guidance on making the third-party risk management (TPRM) process effective and worthwhile for both sides, vendor as well as business. Additionally, we shall discuss where to look for help and how to avoid pitfalls in order to realize the potential of leveraging the supply chain for business.