Importance of Complementary User Entity Controls for Vendor Relationships
Sometimes, third-party risk management (TPRM) professionals can forget that implementing vendor controls is often a two-way process. Vendor controls will have certain objectives that are only achievable through something called complementary user entity controls (CUECs). A good way to think of CUECs is by comparing them to the safety features of a car. Seatbelts are designed and manufactured by the car maker with the objective of protecting drivers and passengers. However, this objective can only be met if the seatbelt is being used correctly. The CUEC in this scenario would be the proper use of the seatbelt.