COVID took its toll on humanity in many ways. Firstly, there is the obvious loss of life and associated grief. There is also the overall economic cost and loss of many of the rights that human beings today expect. During lockdowns, over which there was no choice, the human population was inundated with stories of the doom, gloom, and death that the virus would bring and that, post-COVID, we could all expect a ‘new normal’. That promise, rather than bringing hope, also brought trepidation and panic.
#442 – HOW TO MANAGE THIRD PARTY RISKS – BILL POMFRET PH.D.
The Third-Party Risk Management landscape has changed dramatically over the last decade. The 2008 financial collapse illustrated that even our strongest industries and institutions were at risk. We started to see more regulations for not only the physical handling of data but also cloud-based and digital data management. This really brought third-party risk management to the forefront of organizational leadership.
Over the years, the vendor risk management industry has grown and morphed to tackle the increasingly complex issue of cybersecurity along with constantly changing international regulations. We’ve also seen a rise in the Chief Information Security Officer position – what once was another role/function for the IT department is now a team of experts in most established organizations. One thing we know for sure is that these challenges are only going to get more complicated, and a strong vendor risk management program is essential for the longevity of an organization.
So, what is next for third-party risk management? How do we evolve as federal involvement increases and we see major breaches and hacks on a regular basis? There are a few essential elements to a successful third-party risk management program.
It’s a Program, not a Project
Organizational leadership must stop thinking of risk management as a one-time (or once a year) project. It’s an ongoing program that requires ongoing monitoring. Your vendors’ practices, your business, and the requirements of your industry are constantly changing. Your third-party risk management program should reflect that. This is why tools like RiskRecon which continuously monitor vendor data are essential on top of assessment solutions like Privat to validate security controls. Risk management can be overwhelming, confusing, and time-consuming so it’s tempting to knock it out in a month and then forget about it, but really this should be a constant movement within the organization. Starting with your vendors with the most data touchpoints down to the smallest vendors who have far less access to your company’s information, every vendor should be continuously assessed.
Strengthening Relationships
We all know that a strong relationship goes a long way in any business environment. This is especially true of your vendor relationships. To get your security assessments completed in a timely manner so you can effectively assess your risk, you need buy-in from your vendors. With SPI Inc., we took the time to develop an easy-to-use platform for vendors to quickly complete their assessments and save their answers for future use.
Over the next few years, vendors are going to be responsible for sharing their processes for handling data to more and more of their clients. By establishing a strong relationship early on, you can set yourself up for success and help your vendors at the same time.
Comprehensive Risk Management
The future of third-party risk management is going to be about connecting the dots and having a truly comprehensive program. A good TPRM will include collecting security questionnaires that ask important questions about how a vendor is handling your data. Based on those questionnaires, you assign the vendor a risk rating and leadership uses that information to make decisions about whom to share data with. But how can you check the vendor’s responses? How can you be certain that their answers are accurate? That’s where Safety Projects’ partnership with Risk Management Inc. comes in – to bridge the gap between security questionnaires and continuous data monitoring. Regardless of what platform you use, it’s critical to have a “due diligence” process in place. Having a comprehensive, scalable TPRM will no longer be an option as data regulation becomes a top priority for governments across the globe and breaches become more commonplace.
McKinsey reported what managing third-party risk in a growing technological climate should include:
- Segmentation and organization of vendors
- Rules-based due diligence (and evidence of third-party due diligence)
- Post-contract compliance management and transparency
- Clear guidelines for governance and escalations
- Comprehensive technology and modern tools
These elements are true today and we would argue that you should be able to find all these elements in a single platform. Safety Projects International Inc.’s expanding partnership with Risk Management Inc. speaks to the future of TPRM and provides one of the most comprehensive risk management programs in the industry today. Check out our Webinar on Strategy & Risk, in which Dr. Bill Pomfret, CEO of Safety Projects International Inc, discusses where third-party risk management is going in the next few years.
Bio: Dr. Bill Pomfret of Safety Projects International Inc, who has a training platform, said, “It’s important to clarify that deskless workers aren’t after any old training. Summoning teams to a white-walled room to digest endless slides no longer cuts it. Mobile learning is quickly becoming the most accessible way to get training out to those in the field or working remotely. For training to be a successful retention and recruitment tool, it needs to be an experience learners will enjoy and be in sync with today’s digital habits.”
#442 – FEDERAL ERM SURVEY – JAMES KLINE PH.D.
In 2023 the Federal Enterprise Risk Management and Guidehouse 9th Consecutive survey of 52 federal agencies was published. (1) The survey was conducted from July 24 to September 2023. Sixty-two percent of the respondents had some Risk Management function. Seven percent had Finance, Budgeting and Accounting responsibility. In terms of position, nineteen percent were from the Senior Executive Service (SES). Eighty-four percent were non-SES. This piece looks at key survey questions and the responses. Where possible the 2023 and 2022 responses are shown side by side.
#442 – INTENTIONAL SELF MANAGEMENT – GREG HUTCHINS
If you don’t design your own life plan, chances are you’ll fall into someone else’s plan. And guess what they have planned for you? Not much.
Jim Rohn – Author and Entrepreneur
Intentional Self-Management is the fundamental principle behind Working It and is really critical in COVID times. Intentional Self-Management is the art of taking responsibility and the science of taking control of your behavior, health, spirit, career, life, and work. Think about these key Intentional Self-Management questions:
#441 – USING A DELTA PROGRAM TO MINIMIZE EARLY FIELD FAILURES – FRED SCHENKELBERG
Failures happen. Sometimes product failures happen quickly.
You just bought a new feature-rich computer and discover it doesn’t work. Right out of the box, it will not power up. After conversations with tech support, it’s a trip back to the store.