Download Our New Report: QRI Perspective On Vulnerability Management
Request A Demo
Risk 360

Using Risk 360 To Assess Third Party Risk

3rd October 2023

Benjamin Wootton
Using Risk 360 To Assess Third Party Risk

In a previous blog post we introduced Risk 360, our new digital platform which we use to support the cyber remediation journey.

We wanted to spend some time explaining how we use the platform to reduce third party risks.

Organisations typically have a number of technology suppliers across realms including infrastructure, software, networks and data.

If these suppliers have poor information security practices, then they represent risk to your business. They could allow access into your systems, misuse your data, or even result in compliance breaches for you.

Many information security professionals will use a rigid and outdated third party diligence form which they send to their vendors to understand their security practices, but these fall short in multiple ways:

  • The supplier will always tell you what you want to hear
  • They are only ran once at the start of the relationship and rarely revisited
  • They will often be filed away and not properly and critically risk assessed

We had more ambitious aims. We wanted to bring third party risk assessment onto a collaborative platform where it could be completed in partnership with the client and the vendors. We wanted to turn it into a continuous process where we continue to engage with the vendor to understand their current practices today and not just at the start of the relationship. And we wanted to apply automation to those assessments to identify risks that exist in the third party supplier network.

Finally, we wanted to break new ground and bring third party risk into our risk scoring models. If our organisaiton is secure, but our suppliers are not, then our organisation is ultimately at significant risk. Third party risk cannot be an afterthought and needs to be surfaced to all relevant stakeholders prior to remediation.

If your business works with a network of third party suppliers, please reach out to us for a demonstration of how Risk 360 can support better visibility of their security capabilities and information security risks.

AI Policy and Governance Navigating the Future image
General
26th July 2024
Sandip Patel KC
AI Policy and Governance Navigating the FutureArtificial Intelligence (AI) continues to evolve at an unprecedented pace, capturing the attention of policymakers and regulators around the globe.Read More
Navigating the Integration of Generative AI in the Workplace image
General
19th June 2024
Sandip Patel KC
Navigating the Integration of Generative AI in the WorkplaceThe meteoric rise of generative AI tools, particularly ChatGPT, has brought both excitement and caution into the workplace.Read More
The Snowflake Attack. A potentially unprecedented data breach image
General
11th June 2024
Sandip Patel KC
The Snowflake Attack. A potentially unprecedented data breachThe cyberattack targeting customers of the cloud storage firm Snowflake is escalating into one of the largest data breaches ever recorded.Read More