Enterprise risk is affected by the overall vendor risk management program. As reliance on third parties to deliver products and services becomes greater over time, building sound enterprise processes and governance around third-party risk management becomes more critical. Part of building sound enterprise processes includes properly vetting all vendors as an initial step before sending any data to them. Data privacy and security are important from the start when considering third-party vendor management.
To provide you with best practices to help manage enterprise third-party risk, ISACA and OneTrust have developed the Managing Third-Party Risk: Cyberrisk Practices for Better Enterprise Risk Management white paper. This white paper not only covers the preliminary steps to building sound enterprise processes, but also the continuing steps, which include regularly reviewing third-party controls and addressing any identified control gaps as they are discovered to ensure data are protected and third-party risk remains in check.
To learn more, download this complimentary ISACA white paper from the Managing Third-Party Risk: Cyberrisk Practices for Better Enterprise Risk Management page of the ISACA website.