Emerging Trends in Third-Party Risk Management
Presented by: Carly Devlin and Max Aulakh
Moderated by: Tonya Preston
TODAY’S PRESENTERS
Max Aulakh, President/CEO, Ignyte Assurance Platform
Carly Devlin, Managing Director, Columbus Office
Overview of Third-Party Risk Management
Overview – What is it?
Third-Party Risk Management (TPRM)
The process of analyzing, verifying, monitoring, and controlling risks presented to your organization, your data, and your operations by third parties.
Managing third-party risk generally consists of conducting various types of due diligence activities on your critical vendors.
Basic Market Drivers
Data Protection
Regulatory Compliance
Business Value
Emerging Drivers
Procurement Departments
Information Security Departments
Business Owners
Current State Process
1. Segment
2. Scope
3. Collect
4. Assess
5. Remediate
6. Report
7. Monitor
Source: OCEG.org
Current State | Vendor Risk Profile
Monitoring allows you to:
▪ Gather assessment trend data & breach data about your vendors
▪ Develop a plan for your vendor to reduce cyber risk over time
▪ Share relevant resources with your vendor (de-risk)
▪ Co-develop a “Target Risk” profile
  ‒ Set of requirements/controls/questions that should be met
Current Vendor Risk Management Process
Questions from CISOs & Business Leaders:
Is this really enough?
Can we make the process more data driven?
Can the process be balanced and take into consideration a holistic view?
Can we somehow partner with our vendors?
Re-Defining the Vendor Risk Management Problem
▪ Third-party should not be in a silo
  ‒ Only responsibility of the security department
▪ The problem is multidimensional
  ‒ Quality, delivery, cost considerations, contract, cybersecurity & many other factors
▪ Relevant & timely metrics
  ‒ Multiple sources of data to formulate a score vs. single method
Current Processes & Results
▪ Lack of trust
  ‒ Business owners make decisions on vendors prior to engaging vendor risk management teams
▪ Reduced budget
  ‒ Vendor risk teams often struggle to get additional headcount, technology spend and other initiatives
▪ Program transitions to a Vendor Risk Management project
  ‒ Security teams become responsive to new vendor requests versus proactively addressing VRM risks
Emerging Trends | Forward Thinking Teams
▪ Holistic Vendor Risk Governance
▪ Enhanced Digital Risk Management
▪ Relevant & Data Driven Metrics
▪ Complete Vendor Scorecard
Emerging Trend # 1 – Holistic Governance
Vendor Risk Dimensions: Quality, Delivery, Cost, Responsiveness, Innovation, Cyber Risk, Financial, Customer Complaints
▪ Multidimensional vendor risk management
▪ Balanced & properly weighted
▪ Interdependency of dimensions
Emerging Trend # 2 – Enhanced Digital Risk Management
▪ Cyber & Digital Risk
▪ Inherent Digital Risk
▪ Residual Risk Management
▪ Target Risk Profile Development
Vendor Inherent Risk Profile
Inherent Risk
▪ Cost: High, Medium, Low
▪ Vendor Criticality: High, Medium, Low
▪ Regulatory: HIPAA Business Associate, SOX 404, DFARS
▪ Type: Cloud, On-Prem, Development
▪ Data Amount: 100 – 200 Records, 200 – 300 Records, 1000 – 2000 Records
Residual Risk Management
▪ What if vendor cybersecurity risk/residual risk remains too high after the assessment?
  ‒ Do you still conduct business with them?
▪ How do you help your vendors manage flow down requirements?
▪ What can we do to de-risk your vendors from a cybersecurity perspective?
  ‒ Supply chain experts use “The Beer Game” to illustrate the power of data sharing to manage product spikes & distribution to protect both the vendor and client.
Emerging Trend # 3 – Relevant Metrics
Vendor Risk Dimensions (each with its own Relevant Metrics): Quality, Delivery, Cost, Responsiveness, Innovation, Cyber Risk, Financial Risk, Customer Complaints
▪ Relevant & timely
▪ Data driven
▪ Help your business make the best informed decision versus only communicating on taking a risk-based decision
Emerging Trend # 4 – Complete Scorecard
▪ Depth
▪ Coverage
Sample Data & Vendor Risk Dashboard
▪ Customized Third-Party Data Pipe
  ‒ LexisNexis
  ‒ D&B
  ‒ OFAC
  ‒ Others
▪ Tailored Risk Algorithms
  ‒ Monte Carlo/Scenario
  ‒ Bayes Network
  ‒ Language Processing
  ‒ Intent Analysis
Key Takeaways
Summary
Trend #1: Holistic Governance
Trend #2: Enhanced Digital Risk Management
Trend #3: Relevant & Timely Metrics
Trend #4: Complete Scorecard
▪ What is TPRM?
▪ What are the basic drivers?
▪ What are some emerging drivers?
▪ What emerging trends are forward thinking teams exploring?