Feature Courses

View All Courses

Venminder Product Overview

COVID-19

COVID-19

COVID-19

COVID-19

COVID-19

COVID-19

COVID-19

View All Topic Libraries

Trending Discussions Happening at ThinkTank Community

For critical vendors, it's important, first and foremost, to make sure the contract requires them to notify you of any sub-service providers that are essential to the services they are providing you. This would mean their data center (more than likely), and any other 4th party which has access to your data or is in some how critical to your operations. Furthermore it is important to have a right to audit. Aside from that, see if you can get your critical vendor to provide that information either way, and also validation that they've conducted their due diligence on those 4th parties. I would usually ask for evidence of their assessment, what the results were, and I would also review my critical vendors' third party risk policy to assure they have the proper controls and capabilities in place for those assessments. Just a word of advice, it's always been helpful for me to go about this with a "let's help each other out" mentality. It's one thing do make demands, and another to explain why you have to make sure your company is safe by understanding all the risk areas, and making improvements wherever possible. Certainly open to more feedback - any other tips for 4th parties of our critical vendors?

Join the Conversation Reply

For critical vendors, it's important, first and foremost, to make sure the contract requires them to notify you of any sub-service providers that are essential to the services they are providing you. This would mean their data center (more than likely), and any other 4th party which has access to your data or is in some how critical to your operations. Furthermore it is important to have a right to audit. Aside from that, see if you can get your critical vendor to provide that information either way, and also validation that they've conducted their due diligence on those 4th parties. I would usually ask for evidence of their assessment, what the results were, and I would also review my critical vendors' third party risk policy to assure they have the proper controls and capabilities in place for those assessments. Just a word of advice, it's always been helpful for me to go about this with a "let's help each other out" mentality. It's one thing do make demands, and another to explain why you have to make sure your company is safe by understanding all the risk areas, and making improvements wherever possible. Certainly open to more feedback - any other tips for 4th parties of our critical vendors?

Join the Conversation Reply

View All Discussions

Interactive and Easy-to-Navigate

Modern eLearning courses to guide you through third-party risk management in an interactive and compelling environment. ​

Learn on your Schedule

All courses are self-paced learning so you can take them whenever and wherever you want. Courses range from 90 minutes and up.

Advance your Career
Invest in yourself and your career by continuing your education and stay up-to-date on best practices, trends and more.