ThirdPartyTrust Blog

The key essentials when designing the process around third-party risk management

Posted by Lily Hwang on 12/13/19 3:43 PM

When you are deciding to create a framework for your third-party risk program you need to take the following into consideration:

  • How are you going to categorize your third-parties?
  • How would you rank your third-parties?
  • What is  the criteria/requirement for each one of those categories?

Other areas to consider involve the people component of the workflow, such as business owners, legal, and procurement.  Especially during the contracting phase, by including legal language that assessments and/or assurance programs must be provided. Also, include stipulations regarding renewals that reassessments are required. 

And of course, there is technology, the enabler. Technology provides the automation and a structured way to capture specific data for business and executives to make key decisions on these relationships. Monitoring these data points will contribute to the success or failure of that third-party. 

Read More

Topics: Vendor Risk Management, third party risk

The Real Challenges of Moving Cyber Initiatives Forward

Posted by Jeffrey Spetter on 5/29/18 9:45 AM

With growing executive demand for changes to cybersecurity processes and awareness comes inherent challenges to an organization. To set the stage, the NotPetya attacks on Moeller-Maersk shipping company took them offline for ten days. Jim Haggemann Snabe, the Chairman, describes the heroic efforts to get 45,000 PCs and 2,500 servers back and up and running (see video) proves that ransomware attacks or never before seen attacks can have tremendous impact on business operations.

Read More

Topics: Regulation, IoT Security, Vendor Risk Management, third party risk

Guest Blog by Todd Tressler - Tick tock: a GDPR Primer to meet the deadline next week

Posted by Jeffrey Spetter on 5/23/18 2:52 PM

Discussions on privacy laws have taken front and center in recent weeks as European Union (EU) member states begin enforcing the General Data Protection Regulation (“GDPR”) on May 25, 2018.  As we have been discussing for a while, there is confusion as data collectors try to figure out the impact of this legislation.  There is no question that large, multi-national corporations will have to comply and many of these corporations are already in compliance.  However, with this deadline just around the corner, smaller companies that do not actively target EU residents are struggling with how this legislation impacts them.

Read More

Topics: third party risk, GDPR

How is Cyber Shaping the Insurance Industry? Learn From Pros at Allstate, Trustmark and BCSF.

Posted by Jeffrey Spetter on 4/23/18 3:28 PM

Anders Norremo, CEO of ThirdPartyTrust, had the pleasure of moderating a panel at the OnRamp Insurance Conference on Thursday April 12th, 2018.  The panelist included Mia Boom-Ibes, Fawaz Rasheed, Steve Timmerman, and Tammy Kocher. They all gave great insight to how cybersecurity is shaping the insurance industry. 

We will explore questions surrounding the New York Department of Financial Services Cyber Regulation, next-generation technologies and the biggest needs from these organizations. 

Read More

Topics: Regulation, third party risk, Panel Discussions

Guest Blog by Mike Baier on GDPR and the Integration of Third Party Service Providers

Posted by Jeffrey Spetter on 4/5/18 4:13 PM

While the entire world is seemingly melting with the terrifying onslaught of the enforcement of the General Data Protection Regulation (GDPR…coming to a theater near you on May 25th, 2018) there remains a significant amount of mis-information, confusion, and utter chaos within some of the world’s largest corporations (HQ’d outside of the EU) and on social media regarding the continued use of trusted third parties in support of business operations…especially, those companies not too experienced with heavily regulated environments such as banking, insurance, and other financial services.

Read More

Topics: third party risk, GDPR

Keynote Panel: Re-thinking How to Build Trust in the Vendor Eco-System

Posted by Yasmeen Ghazal on 10/30/17 9:00 AM


On October 18th, 2017, McCormick Center held 3,000 attendees as the first annaul Cyber Security Chicago conference. It offered invaluable insights around hot topics in the industry including IoT Security, DevSecOps and the Equifax Breach. On the Keynote Stage, Anders Norremo, CEO of ThirdPartyTrust, led a keynote on Re-Thinking How to Build Trust in the Vendor Eco-System alongside   Fawaz Rasheed , CISO  of Trustmark Companies, and  Matt Dechant , CISO of Tempus
Read More

Topics: Vendor Risk Management, third party risk

Data Risk in the Third-Party | Ponemon Institute

Posted by Jeffrey Spetter on 10/12/17 8:29 AM

The Ponemon Institute recently rolled out there second annual study of Data Risk in the Third-Party Ecosystem. The study aims to understand trends in the challenges companies face in protecting sensitive and confidential information shared with third parties and 4th party vendors. 

Read More

Topics: Vendor Risk Management, third party risk

ThirdPartyTrust is a vendor risk management platform strengthening cyber risk intelligence and simplifying the management process for enterprises performing vendor risk assessments.
By analyzing both third and fourth party vendor cyber risk using a network-based solution, like 3PT, trust is built and mapped within your vendor eco-system.

Subscribe to Email Updates

Recent Posts