A critical part of risk management is evaluating the third parties, including vendors, that your organization interacts with. Maclear (www.maclearglobal.com) has put together a list of seven best practices to help assess and manage those risks.
- Identify the risks you need to assess - strategy, operations, regulatory compliance, information technology, financial, reputation, etc.
- Determine who owns the relationship, usually the person or department who negotiates the contract and is the contact with the vendor.
- Centralize management through the organization's risk manager or other authorized person. Small organizations will need input from legal and insurance advisers.
- Make sure all needed experts and stakeholders are involved.
- Know your vendor's vendors - they may be the weak link in security.
- Use an automated system to minimize the risk of manually entered data.
- Monitor vendors on an ongoing basis.