Even with a pandemic unfolding around us, and even with a mounting list of cancellations, postponements and rainchecks flooding our inboxes daily, third-party risk management just isn’t one of those things any of us can afford to put on the back burner. In fact, now more than ever, third-party risk management is becoming increasingly important — and unfortunately, our recent predicament has become a litmus test for those that have (or haven’t) done appropriate planning and resource creation.
The Harsh Reality of Poor Pandemic Preparation
In our recent webinar with Forrester, principal analyst Renee Murphy and I discussed the devastating impacts a poorly drafted pandemic plan can have on an organization. Just think about our current climate and how many employees are having to work offsite for an extended period of time. Is your customers’ data protected? Can your employees function as normal, and for how long is that sustainable? These, among many other questions, are becoming ones we need answers to… and fast.
Early in this crisis, Forbes reported that 94% had suffered a supply chain disruption as a result of COVID-19. I’d bet my left shoe that’s at 100% now.
The Third-Party Risk Show Must Go On
The hard truth is your chain is only as strong as its weakest link. Pandemic plans are being put to the test right now! And throughout it all, the regular work on third-party risk management must go on. This means working through your due diligence process and even potentially increasing its frequency.
So, what can go wrong if you put third-party risk management on the back burner for the time being? Neglecting the basics of third-party risk management can invite a whole host of unintended consequences such as:
- Damage to the reputation your organization has worked so hard to build
- Operational failures
- Data breaches
- Missed contract renewals that ultimately begin to lead your organization down the path of financial stress
- Unhappy customers due to poor vendor service levels
- Increased regulatory risk
- Inconsistencies in processes
- Unsatisfied examiners and regulators
And much more… all at a time when it’s critical that we protect these areas as much as possible.
We know it’s difficult during these times. While we don’t have any control over our current global circumstances, here’s what we do have control over:
- Cybersecurity. Ensure the CIA triad (the Confidentiality, Integrity and Availability) of your data remains intact. Identify areas of concern and make sure to request security updates.
- Lessons Learned. If we could drum up a silver lining in this whole experience, it’s the opportunity it’s given us to improve our preparedness. Use this time to identify the gaps. What areas need improvement? What circumstances weren’t accounted for? Use this experience to create a better, more comprehensive pandemic plan for your organization.
- Third-Party Pandemic Plans. Things have likely not gone according to plan with all of your vendors. But just because we’re in the thick of it doesn’t mean it’s too late to request pandemic planning if you haven’t done so already, and it doesn’t mean it’s too late to vet the pandemic plans you do already have.
As Viktor Frankl, a well-known neurologist, psychiatrist and Holocaust survivor once said, “When we are no longer able to change a situation, we are challenged to change ourselves.”
And of course, what we can’t change, we can certainly improve, which very much applies to our third-party risk management!