Corporate Compliance Insights

3 Potential Risks When Working with Third-Party Vendors

How Organizations Can Address a Leading Source of Data Breaches

by Matt Kunkel
June 24, 2019
in Featured, Risk

Vendors make the world go round, allowing organizations to efficiently outsource tasks, but they are a top source of breaches for organizations. LogicGate’s Matt Kunkel discusses the risks companies must address with their TPRM programs.

It’s estimated that anywhere from 20 to 50 percent of workforces are outsourced. While outsourcing can help companies scale and be more efficient, it also can pose a significant risk. Every year, companies continue to experience data breaches because of vendors. Recently, Quest Diagnostics, a clinical laboratory company, announced that 11.9 million customers’ personal information was potentially compromised. The cause of the breach was linked back to third-party vendor American Medical Collection Agency (AMCA), a billing vendor hired by a Quest contractor called Optum 360.

The Quest Diagnostics breach again brings an important issue to the forefront: Companies are responsible not only for the data they collect themselves, but also for the data their third-party vendors collect. While vendors’ decisions are commonly outside of the company’s control, they still can harm a company’s business and reputation.

Before adding a third-party vendor, companies should consider the potential risks below to ensure they are prepared.

Lack of Transparency

With multiple processes and data spread across different systems, it’s often difficult to get a clear picture of third-party relationships. Without a single source of truth, Chief Information Security Officers (CISOs) are left trying to sort through multiple files and business units, leading to a long, drawn-out process of trying to find the right information to report to executives.

Instead of vendor information spread across multiple systems, consider creating a central repository of all third-party vendors. In doing so, risk managers can have a clearer understanding of all assets, risks and threats. This central system becomes a single source of truth for all individuals in the organization, cutting down on confusion and information silos.

Moving Beyond Spreadsheets

As companies continue to transform their digital processes, one would think that organizations have moved beyond the use of spreadsheets to keep track of risk registers. However, this is not the case. Hampered by manual processes, CISOs and risk managers find it challenging just trying to keep up with risk mitigation. As a company grows, so does its risk. If companies continue to rely on spreadsheets or manual solutions to track their third-party vendors, they are opening the door to even more risk and frustration.

To avoid this issue, CISOs should consider solutions that involve robotic process automation. Through this technology, a company can cut down on human errors and automate processes like data collection to help scale the third-party risk program. Utilizing technology to perform third-party risk assessments allows companies to closely monitor third-party risk without causing disruption in a vendor’s day-to-day tasks.

No Plan in Place

Organizations without a plan in place to address risks are more vulnerable to them, simply for lack of preparation. Companies must take time to analyze risks and put programs in place to measure and monitor risks on an ongoing basis. By having a program in place, CISOs can feel confident that risks are being identified and handled properly.

Vendor relationships do increase risk for an organization. However, this does not mean companies should not work with third-party vendors. Instead, companies should take precautionary steps to ensure all vendors are sufficiently monitored before issues occur. By pulling vendors into a single source of truth, all parties involved can have a transparent view of their vendors and avoid any hidden dangers.


Tags: data breach, reputation risk, robotic process automation (RPA), third party risk management
Matt Kunkel

Matt Kunkel is Co-Founder and CEO of LogicGate. Prior to LogicGate, he spent over a decade in the management consulting space, building technology solutions to operationalize regulatory, risk and compliance programs for Fortune 100 companies. It was during this time he learned the skills to realize his true calling: building world-class companies that meaningfully affect the lives of others through user-friendly technology. Given his extensive background in the GRC space, Matt regularly speaks and consults on risk and compliance topics. Recently, he was named an Ernst & Young finalist for the Entrepreneur of the Year® 2020 Midwest Award.
