Third Party Risk Management


Third-party risk is any risk brought on to an organization by external parties in its ecosystem or supply chain. Such parties may include vendors, suppliers, partners, contractors, or service providers who have access to internal company or customer data, systems, processes, or other privileged information, or who receive such information directly or indirectly from you.

For example, suppose you’re working with an outside analytics company to compile sensitive information and provide trend analysis reports to you. That third party doesn’t have access to your network, but they do have access to sensitive information. The question for you is: what level of risk does that present to you? What controls does that entity have in place to make sure that they are protecting the data from being compromised? At the end of the day, you, as a Covered Entity, want to ensure you are evaluating your risk and making sure you’re minimizing that risk. That’s where third-party risk management services come in.

Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties.

Enter Vestige’s Third Party Risk Management (TPRM) services. Our TPRM solution is a turn-key solution whereby we evaluate your third parties and provide you with risk information that allows you to make educated decisions about the risk that your third parties bring to you. We will:

  • help you identify and prioritize your third parties,
  • provide you with an introductory email template that you send to your third parties introducing us (after all, you have the relationship with that third party),
  • follow-up directly with your third parties and administer an appropriate level of assessment and questions designed to understand their controls,
  • evaluate the third parties’ responses and determine the relative risk that they bring, and
  • provide a report for discussion with you.

This becomes an important, on-going aspect of your overall cybersecurity program designed around reducing your risk.

To address the potential of a third party breach or if one has already occurred, Vestige offers Third Party Risk Management Services.

Example:

Insurance Company Panel Counsel | Third Party Risk Management Remediation
Vestige continues to work with a Top 10 Global Insurance carrier on the remediation of Panel Counsel’s cybersecurity program worldwide.

The carrier, in response to on-going cybersecurity statutes, has implemented a robust Third Party Risk Management (TPRM) program. The Risk Management department for the carrier has determined that all third parties must be 100% in compliance with their requirements. While a large percentage of Panel Counsel can comply, there is a significant portion of firms that are not in compliance and need assistance in getting there. The insurance carrier has a vested interest in making sure these firms remain on their panel and as such is working with Vestige to provide a comprehensive remediation program that Panel Counsel can enroll in.

Vestige works with the Panel Counsel and customizes solutions that address a wide range of issues such as: policy & procedure activities (i.e. Written Information Security Program (WISP), Change Management, Incident Response Planning and Disaster Recovery/Business Continuity Planning); technical activities such as implementing vulnerability management, encryption, secure remote access, hardening the Panel Counsel’s systems and more.

To date we have worked with more than 200 Panel Counsel firms around the world in every time zone and multiple foreign languages.

Contact Vestige today to discuss implementation of Third Party Risk Management Services at your organization.
