One of the questions I get asked frequently is “who qualifies as a third-party?” It’s a great question because the third party ecosystem encompasses a lot more than just suppliers.
A third-party is any company or individual with which or whom you have entered into a business relationship to:
- Provide goods and services for your own use
- Perform outsourced functions on your behalf
- Provide access to markets, products and other types of services
Companies often have more third parties than they realize. Depending on the industry you’re in, examples of third parties can include:
- Consultants and independent contractors
- Subcontractors
- Temporary agencies
- HR and payroll companies
- IT hardware, services and support
- Accountants and auditors
- Lawyers
- Banks
- Credit card processors
- Agents and brokers
- Software and software hosting companies
- Printers
- Fulfillment and mail houses
- Parts manufacturers
Managing Risks with Third Parties
Identifying your third parties is important. But what’s even more critical is identifying and managing your risks with them.
Third-party risk management is the process whereby an organization monitors and manages the potential exposure to problems, harm or loss that arise from interactions with all external parties with which it has a relationship. This may include both contractual and non-contractual parties. In other words, you don’t need to have a contract with a vendor for them to have risks that need to be managed.
Five-Step Process for Assessing Third-Party Risk
There are a variety of risks that you need to assess and manage with your third parties. Here’s a five step process for identifying and managing yours.
- Identify and classify the third parties with whom you work
- Understand your risk exposure
- Identify gaps in policies and controls
- Prioritize activities to close gaps
- Establish process for ongoing risk monitoring
If you need help getting your arms around your third-party risks, we’re here to help.