{"id":12922,"date":"2021-10-07T01:03:06","date_gmt":"2021-10-07T05:03:06","guid":{"rendered":"https:\/\/www.resourcepro.com\/common-pitfalls-in-third-party-risk-management\/"},"modified":"2024-07-15T10:15:18","modified_gmt":"2024-07-15T14:15:18","slug":"common-pitfalls-in-third-party-risk-management","status":"publish","type":"post","link":"https:\/\/www.resourcepro.com\/blog\/common-pitfalls-in-third-party-risk-management\/","title":{"rendered":"Common Pitfalls in Third-Party Risk Management"},"content":{"rendered":"\n<p><em>David is the Senior Director of Information Security for ReSource Pro.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-the-purpose-of-third-party-risk-management\"><strong>What is the purpose of third-party risk management?<\/strong><\/h2>\n\n\n\n<p>There\u2019s a key question every insurance organization should ask before signing on a new third-party service provider: \u201cWhy do we trust them?\u201d After all, signing on a business partner has the potential to <a href=\"https:\/\/www2.deloitte.com\/ca\/en\/pages\/risk\/articles\/reduce-your-third-party-risk.html\" target=\"_blank\" rel=\"noreferrer noopener\">expose your business to risks<\/a> that could negatively impact your customers, reputation, and revenue.<\/p>\n\n\n\n<p>That\u2019s why businesses use third-party risk management (TPRM), a process designed to help them understand and address risks they could be exposed to when working with contractors, infrastructure providers, and service providers. 
Unfortunately, because the process is complex and can be challenging to perform, businesses often fail to conduct it effectively or neglect it altogether.<\/p>\n\n\n\n<p>In this article, we\u2019ll explore three common reasons third-party risk management fails, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Failure to identify risk<\/li><li>Omission of key steps<\/li><li>Lack of accountability<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-failure-to-identify-risk\"><strong>Failure to identify risk<\/strong><\/h2>\n\n\n\n<p>Most third-party vendors\u2014such as a supplier of office furniture\u2014won\u2019t pose a risk to your organization, but how can you tell which of them do? This is a common challenge for businesses, but it can be resolved by answering these three screening questions:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Does delivery of critical business services depend on the vendor?<\/li><li>Do they store, work with, or process sensitive information, especially <a href=\"https:\/\/www.dhs.gov\/privacy-training\/what-personally-identifiable-information\" target=\"_blank\" rel=\"noreferrer noopener\">personally identifiable information<\/a>?<\/li><li>Is significant IT integration required to work with them?<\/li><\/ol>\n\n\n\n<p>If the answer to any of the above questions is yes, the third-party risk management process should be invoked, and a risk assessment carried out. If the answer to each is no, then procurement can proceed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Omission of key steps<\/strong><\/h2>\n\n\n\n<p>During the risk management process, organizations typically request that the third-party complete a <a href=\"https:\/\/sharedassessments.org\/sig\/\" target=\"_blank\" rel=\"noreferrer noopener\">Standardized Information Gathering<\/a> (SIG) questionnaire. 
These questionnaires range from 330 to 1200 questions and are designed to help businesses gather the information needed to carry out a risk assessment.<\/p>\n\n\n\n<p>Too frequently, organizations simply take the results of the questionnaire at face value and neglect to conduct a true risk assessment. The results need to be interpreted, whether by an information security team or risk department, to determine the smallest and largest potential impact a vendor could have on the business, and ultimately determine the level of risk the vendor might present, whether high, mid, or low.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Lack of accountability<\/strong><\/h2>\n\n\n\n<p>A common reason third-party risk management fails is that no individual or team within the organization is held accountable for ensuring the process is carried out how and when it should be. Because the process impacts multiple business areas and involves multiple departments\u2014such as legal, accounting, and IT\u2014key leadership should be briefed on the process, understand and approve it, and help to coordinate all parties involved. This includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>C-suite and SVPs<\/li><li>Talent (HR)<\/li><li>Other key people who participate directly: accounts payable, procurement, legal, internal audit, and security<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Protect your business\u2019 value<\/strong><\/h2>\n\n\n\n<p>As <a href=\"https:\/\/www.resourcepro.com\/blog\/ransomware-todays-biggest-threat-to-your-insurance-organization\/\" target=\"_blank\" rel=\"noreferrer noopener\">cyber risk increases<\/a>, and insurance organizations depend more and more on cloud services and third parties, effective third-party risk management is more critical than ever to protecting your business\u2019 value proposition and customer relationships.<\/p>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p><em>Do your business partners prioritize security? 
<\/em><a href=\"https:\/\/www.resourcepro.com\/contact-us\/business-solutions\/\" target=\"_blank\" rel=\"noreferrer noopener\"><em>Let\u2019s talk<\/em><\/a><em> about how ReSource Pro can securely support your insurance organization.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As cyber risk increases, and insurance organizations depend more and more on cloud services and third parties, effective third-party risk management is more critical than ever to protecting your business\u2019 value proposition and customer relationships.<\/p>\n","protected":false},"author":6,"featured_media":12923,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"news-category":[],"insurance-segment":[],"services":[],"type-of-content":[38],"resource-type":[],"class_list":["post-12922","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","type-of-content-blogs"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-04-19 
11:29:50","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/posts\/12922","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/comments?post=12922"}],"version-history":[{"count":1,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/posts\/12922\/revisions"}],"predecessor-version":[{"id":13814,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/posts\/12922\/revisions\/13814"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/media\/12923"}],"wp:attachment":[{"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/media?parent=12922"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/categories?post=12922"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/tags?post=12922"},{"taxonomy":"news-category","embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/news-category?post=12922"},{"taxonomy":"insurance-segment","embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/insurance-segment?post=12922"},{"taxonomy":"services","embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/services?post=12922"},{"taxonomy":"type-of-content","embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/type-of-content?post=12922"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/www.resourcepro.com\/wp-json\/wp\/v2\/resource-type?post=12922
"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}