SANTA FE, N.M., April 27, 2017 /PRNewswire/ -- The Shared Assessments Program is pleased to announce the release of its new white paper: Fourth Party Risk Management: Supply Chain Issues and Emerging Best Practices.
As a third party provider takes on risks, which may or may not be visible and/or controllable by the original outsourcer, the differences between third, fourth, fifth or even tenth party risk and security controls become increasingly nuanced, less transparent and ever more complex.
Fourth parties that can impact the risk position of outsourcers have come under examination and now require direct board oversight. As a result, a wide range of constituencies have begun to recognize the associated risks of down-chain providers and the need to increase program maturity to levels that ensure inclusion of consistently applied risk classification or rating criteria. This shift is reflected in the Shared Assessments and Protiviti 2016 Vendor Risk Management Benchmark study findings.
Many serious issues still exist in all verticals around reporting and accessibility of information at the fourth party level. This paper focuses on building an organization's Fourth Party Risk Management program:
- Examining risk management evaluation in light of regulatory and non-regulatory issues throughout the supply chain; and
- Discussing emerging best practices and guidelines in this arena.
Organizations seeking to adopt best practice strategies and methodologies will find it useful to examine what solutions have been successful in peer organizations to gain advantages that include:
(1) Reduction in assessment and remediation efforts and total risk exposure.
(2) Improved provider selection processes.
(3) More meaningful due diligence, risk monitoring information and review.
(4) Early identification of concerns of which the risk team would be otherwise unaware.
You can read/download the full Fourth Party paper here.
About the Shared Assessments Program
As the trusted source in third party risk assurance, the member-driven Shared Assessments Program has been setting the standard in third party risk assessments since 2005. Shared Assessments Program members work together to build and disseminate best practices, building resources that give all third party risk management stakeholders a faster, more rigorous, more efficient means of conducting security, privacy and business resiliency control assessments. For more information on Shared Assessments, please visit http://www.sharedassessments.org.
Marya Roddis, Vice President of Communications
SOURCE The Santa Fe Group, Shared Assessments Program