For years, the concept of Third-Party Risk Management (TPRM) was taken lightly, enforced begrudgingly by companies that faced strict regulatory compliance requirements. And when the industry had to comply, it was often only with its first level of suppliers. Well, that’s all changing - and rapidly - as growing cybersecurity risks, coupled with today’s ever more complex global business markets, are putting more pressure than ever on organizations’ supply chain risks.
Specifically, it’s time to start looking at third-, fourth-, and even deeper-level suppliers in terms of TPRM. Dig deeper and you’ll find real challenges when it comes to information security. For example, a recent study found that 98 percent of organizations have vendor relationships with at least one third party that has experienced a breach in the last two years. The study, which analyzed data from over 235,000 (primary) organizations across the globe and more than 73,000 vendors and products used by them directly (third parties) or used by their vendors (fourth parties), is yet more evidence of the growing challenge of implementing and maintaining a truly effective TPRM program.
Also, “This does not mean that those organizations were involved or impacted by those breaches. It doesn’t even mean that the nature of the relationship between the victim and its third parties is such that the breach could propagate to them,” the report noted. “But, it does mean that nearly every organization is at least indirectly exposed to risk from circumstances outside their control.” [1]
“Design & Deploy” – An Industry Leading Third-Party Risk Management Process
As with any service we offer, TPRM being no different, Centris employs a proven process known as “Design & Deploy” to ensure complete coverage of every measure relating to the broader subject of Third-Party Risk Management. The core phases of Centris’ Design & Deploy methodology for TPRM are the following:
- Framework Considerations
- Scoping Considerations
- Identification & Classification
- Risk Assignment
- Due-Diligence & On-Boarding
- Continuous Monitoring
- Follow-Up/Reporting and Corrective-Action
- Off-Boarding
- Training
[1] https://healthitsecurity.com/news/rise-in-third-party-data-breaches-requires-updated-risk-management-approach