PUBLISHER: IDC | PRODUCT CODE: 2015279
PUBLISHER: IDC | PRODUCT CODE: 2015279
IDC PeerScape: Practices to Develop a Security-Focused Third-Party Risk Management Program
This IDC PeerScape explores how organizations are using third-party risk management to securely use third-party products and services. The alternative - not knowing what the risks are - could mean an organization falls outside its acceptable risk appetite."Using third parties is standard business practice to such a point that it's impossible to think of modern business without it. However, with many examples of hacks and data breaches of third parties and critical vendors, it's essential that organizations build a robust third-party risk management program, with at least a focus on IT security, but of course also other areas such as privacy, compliance, and legal," says Nick Kirtley, adjunct research advisor for IDC's IT Executive Programs (IEP).
IDC PeerScape Figure
Executive Summary
Peer Insights
- Practice 1: Assess potential new third parties to ensure they have implemented a security program
- Challenge
- Example
- Major telecommunications company
- International retailer
- Major financial company
- Guidance
- Practice 2: Periodically monitor third parties with frequent reviews, looking at adherence to security clauses, open improvement areas, and new regulatory requirements
- Challenge
- Example
- Major telecommunications company
- International retailer
- Major financial company
- Guidance
- Practice 3: Further develop the third-party risk management program for improved security posture
- Challenge
- Example
- Major telecommunications company
- International retailer
- Major financial company
- Guidance
