I’m sure you’ve heard all the metaphors used to describe maturing a third-party risk management program: "It’s a journey!" "It’s a marathon, not a sprint!" "It takes a village!" Regardless of how you describe your TPRM program, your organization's board and executive leadership need to know that you can reduce third-party risk to acceptable levels. In my experience, getting there requires the "Three Ts" of Talent, Tools and Techniques. Thanks to one of my favorite Chief Security Officers for sharing this concept with me (you know who you are!).
Hitting the third-party risk maturity bullseye requires the right mix of Talent, Technology and Techniques.
What makes a solid third-party risk team? I believe it's a team that ...
While the word “tool” belittles the solutions, platforms and technologies designed to help manage third-party risk, it works with the theme of “Ts” 😉. Good solutions deliver ...
The final "T" stands for Techniques, which are the processes, policies and procedures that enable your program to operate efficiently. Good techniques include ...
That’s sort of a trick question. If you have an established third-party risk management program, then it really comes down to which area requires the most help to bring things into balance. Maybe you have some (possibly underused) tools, but you're lacking the people or processes to support them. Maybe you have great people but no tools or well-defined processes to support them. Or, you might have a great process without the right team or tools to execute it.
On the other hand, if you're in the early stages of your program, the best place to start is with "Techniques." Set the foundation for the program with solid processes and procedures, and you can then build a team of experts and support them with the right tools.
All three Ts must be present to hit the target of third-party risk maturity. Going back to my metaphors at the beginning of this blog, it’s a journey that is unique to your organization. It might take a few years to get there, but the right mix of people, process and technology will speed you along.
If you're curious about the degree to which your Talent, Tools and Techniques are supporting your third-party risk efforts, I recommend you engage with one of our third-party risk management specialists for a complimentary, one-hour maturity assessment. The session will produce a report outlining a specific roadmap for addressing any shortcomings in your third-party risk management program.
Contact us to schedule your personalized TPRM maturity assessment today!