Who’s Considered a Third-Party?

One of the questions I get asked frequently is “who qualifies as a third-party?” It’s a great question because the third party ecosystem encompasses a lot more than just suppliers.

A third-party is any company or individual with which or whom you have entered into a business relationship to:

  • Provide goods and services for your own use
  • Perform outsourced functions on your behalf
  • Provide access to markets, products and other types of services

Companies often have more third parties than they realize. Depending on the industry you’re in, examples of third parties can include:

  • Consultants and independent contractors
  • Subcontractors
  • Temporary agencies
  • HR and payroll companies
  • IT hardware, services and support
  • Accountants and auditors
  • Lawyers
  • Banks
  • Credit card processors
  • Agents and brokers
  • Software and software hosting companies
  • Printers
  • Fulfillment and mail houses
  • Parts manufacturers

Managing Risks with Third Parties

Identifying your third parties is important. But what’s even more critical is identifying and managing your risks with them.

Third-party risk management is the process whereby an organization monitors and manages the potential exposure to problems, harm or loss that arise from interactions with all external parties with which it has a relationship. This may include both contractual and non-contractual parties. In other words, you don’t need to have a contract with a vendor for them to have risks that need to be managed.

Five-Step Process for Assessing Third-Party Risk

There are a variety of risks that you need to assess and manage with your third parties. Here’s a five step process for identifying and managing yours.

  1. Identify and classify the third parties with whom you work
  2. Understand your risk exposure
  3. Identify gaps in policies and controls
  4. Prioritize activities to close gaps
  5. Establish process for ongoing risk monitoring

If you need help getting your arms around your third-party risks, we’re here to help.

Author:

Job Title: CEO
Organization: Vendor Centric

Tom is the founder and CEO of Vendor Centric, he has been a trusted advisor to nonprofit organizations for 30 years, with a focus on helping them align the right people, processes and systems to mitigate third-party risk and drive more value from third-party contracts and relationships.

Contact us