No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

3 Potential Risks When Working with Third-Party Vendors

How Organizations Can Address a Leading Source of Data Breaches

by Matt Kunkel
June 24, 2019
in Featured, Risk
leaking pipe

Vendors make the world go round, allowing organizations to efficiently outsource tasks, but they are a top source of breaches for organizations. LogicGate’s Matt Kunkel discusses the risks companies must address with their TPRM programs.

It’s estimated that anywhere from 20 to 50 percent of workforces are outsourced. While outsourcing can help companies scale and be more efficient, it also can pose a significant risk. Every year, companies continue to experience data breaches because of vendors. Recently, Quest Diagnostics, a clinical laboratory company, announced that 11.9 million customers’ personal information was potentially compromised. The cause of the breach was linked back to third-party vendor American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum 360.

The Quest Diagnostics breach again raises an important issue to the forefront: Companies are not only responsible for the data their own company collects, but the data third-party vendors collect as well. While vendors’ decisions are commonly outside of the company’s control, they still can harm a company’s business and reputation.

Before adding a third-party vendor, companies should consider the potential risks below to ensure they are prepared.

Lack of Transparency

With multiple processes and data spread across different systems, it’s often difficult to get a clear picture of third-party relationships. Without a single source of truth, Chief Information Security Officers (CISOs) are left trying to sort through multiple files and business units, leading to a long, drawn-out process of trying to find the right information to report to executives.

Instead of vendor information spread across multiple systems, consider creating a central repository of all third-party vendors. In doing so, risk managers can have a clearer understanding of all assets, risks and threats. This central system becomes a single source of truth for all individuals in the organization, cutting down on confusion and information silos.

Moving Beyond Spreadsheets

As companies continue to transform their digital processes, one would think that organizations have moved beyond the use of spreadsheets to keep track of risk registers. However, this is not the case. Hampered by manual processes, CISOs and risk managers find it challenging just trying to keep up with risk mitigation. As a company grows, so does its risk. If companies continue to rely on spreadsheets or manual solutions to track their third-party vendors, they are opening the door to even more risk and frustration.

To avoid this issue, CISOs should consider solutions that involve robotic process automation. Through this technology, a company can cut down on human errors and automate processes like data collection to help scale the third-party risk program. Utilizing technology to perform third-party risk assessments allows companies to closely monitor third-party risk without causing disruption in a vendor’s day-to-day tasks.

No Plan in Place

Organizations without a plan in place to address risks are more vulnerable to risk, simply for lack of preparation. Companies must take time to analyze risks and put programs in place to measure and monitor risks on an ongoing basis. By having a program in place, CISOs can feel confident that risks are being identified and handled properly.

Vendor relationships do increase risk for an organization. However, this does not mean companies should not work with third-party vendors. Instead, companies should take precautionary steps to ensure all vendors are sufficiently monitored before issues occur. By pulling vendors into a single source of truth, all parties involved can have a transparent view of their vendors and avoid any hidden dangers.


Tags: Data BreachReputation RiskRobotic Process Automation (RPA)Third Party Risk Management
Previous Post

5 Ways Your Company’s Privacy Policy Could Be Insufficient

Next Post

Is It Smoke or Is It Fire? Using Internet Data to Investigate Claims of Misconduct

Matt Kunkel

Matt Kunkel

Matt Kunkel is Co-Founder and CEO of LogicGate. Prior to LogicGate, he spent over a decade in the management consulting space, building technology solutions to operationalize regulatory, risk and compliance programs for Fortune 100 companies. It was during this time he learned the skills to realize his true calling: building world-class companies that meaningfully affect the lives of others through user-friendly technology. Given his extensive background in the GRC space, Matt regularly speaks and consults on risk and compliance topics. Recently, he was named an Ernst & Young finalist for the Entrepreneur of the Year® 2020 Midwest Award.

Related Posts

data breach

Sobering Reality: Drizly Order Indicates Officers May Face Personal Liability for Data Breaches

by Baker Donelson
February 1, 2023

The FTC says Drizly’s CEO James Cory Rellas was alerted to a potential security loophole two years before a data...

Build and Scope Better Vendor Due Diligence Questionnaires

Build and Scope Better Vendor Due Diligence Questionnaires

by Corporate Compliance Insights
January 18, 2023

Make sure you're asking all the right questions when onboarding new third-party vendors White Paper Build and Scope Better Vendor...

SWISS GRC DAY 2023

SWISS GRC DAY 2023

by Aarti Maharaj
December 15, 2022

The SWISS GRC DAY brings together interested parties from all over Switzerland and nearby countries. Topics include first-hand news, challenges...

16th Edition Third Party Vendor Risk Management for Financial Institutions Conference

16th Edition Third Party Vendor Risk Management for Financial Institutions Conference

by Aarti Maharaj
December 8, 2022

The GFMI 16th Edition Third Party Vendor Risk Management for Financial Institutions conference taking place in New York, NY on...

Next Post
closeup of ceiling mounted smoke detector

Is It Smoke or Is It Fire? Using Internet Data to Investigate Claims of Misconduct

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT