The end product or service an organization provides to its customers combines the value added by the organization's core competencies with the value added by its third parties (or vendors). Until a couple of decades ago, few organizations thought about the risks their vendors carried. When these negative risks become a reality, they seriously dent the reputation of the organization.
Typical Risk Management Life cycle
Many instances of third-party misdeeds, whether intentional or unintentional, have hit the reputations of organizations hard. Some notable examples from the recent past are Target Inc's data loss by its HVAC vendor and the huge customer data losses at Yahoo, Marriott International and eBay.
Over time, rules and compliance policies specific to third party risk management were drafted by regulatory bodies such as the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) of the United States and the British Financial Conduct Authority (FCA), and under the Health Insurance Portability and Accountability Act (HIPAA), which is specific to the health care industry. Their applicability to a particular organization depends on the type of industry and the scale of operations. The larger the organization and the more critical its operations, the more stringent the applicable regulations. For example, financial institutions in the United States with revenue above a certain mark need to abide by the Heightened Standards of the OCC, whereas smaller ones do not need to comply with regulations as stringent.
A typical vendor risk management program involves finalizing policies and establishing a Third Party Risk Management Framework and an EGRC smart suite platform such as RSA Archer (RSA Archer has been at the forefront of EGRC implementations in the Financial, Insurance, Banking, Manufacturing and Health Care domains).
We at Integrade, with our Third Party Risk Management Subject Matter Experts and cutting-edge technology implementation professionals, can bring you a very sophisticated Vendor Risk Management platform that ticks all the boxes of a successful program.
Write to us at firstname.lastname@example.org to learn how we can be your trusted EGRC partner. Alternatively, submit your queries through the Contact Us form. Our representatives will get back to you with relevant information. Thanks.