Hi! Welcome to Third Party Thursday! This is Branan Cooper; I’m the Chief Risk Officer here at Venminder. And today we’re going to talk a little about Fourth Parties.
So you're asking yourself right now, "What is a fourth party? I've just gotten my head around the whole concept of having third parties." So what is a fourth party? A fourth party is your third party's third party. It's one with whom you don't a have a direct contractual relationship but is providing a significant function to your third party. So, you do need to be involved with your fourth parties directly.
You need to understand your third party's process for verifying information. In fact, you may even have to rely on your third party to collect due diligence documentation on your behalf. But it's very important that you do the full investigation just as though they're your third party.
You're going to need their help in collecting certain documents and asertaining certain things like information security policies, business continuity plans, scripting - anything that could pose a problem for your business if it goes wrong.
Anywhere the data goes, you should really be following. By that I mean you may need to consider even beyond a fourth party, down to a fifth party or even beyond that. Remember that concerns over third parties and things like the Target breach were inadvertently facilitated by their HVAC contractor, who would have been a fourth party in that relationship.
Again, I’m Branan Cooper, thanks for watching! And don’t forget to subscribe for next week’s Third Party Thursday video.