Fourth-Party Vendor Risk Management
Fourth-party vendor best practices.
Fourth-party risk is an important step in the vendor management process. In your contract with every one of your third party vendors, you should include how you want your third party to handle communicating with you about a fourth-party vendor. Here are some fourth-party risk management steps you should take to better protect your organization.
Hi – my name is Gordon Rudd with Venminder.
In this 90-second podcast, you’re going to learn a little more about fourth-party vendor risk management and what it entails.
At Venminder, we have a team of experts who specialize in managing third party and fourth-party vendor risk, so we know a thing or two about those fourth parties.
A fourth-party provides a product or service to your third party vendor, so your third-party vendor has a direct contract with them. Remember, in your contract with every one of your third-party vendors you should include how you want your third party to handle communicating with you about a fourth-party vendor.
Here are four steps to assist with fourth-party vendor risk management:
Step 1: Understand the due diligence that should be performed on a critical fourth party vendor. A quick tip is to do as much due diligence on your fourth party vendor as you would on your third-party vendor.
Step 2: Determine the fourth parties you should monitor. If they have access to your organization’s or customer’s confidential information, then they should be monitored.
Step 3: Go ahead and build out a matrix outlining the following to help keep the oversight clear:
- First, list the third-party
- Next, list the fourth-party
- Third, include the relationship between the third and fourth-party
- And finally, list any fourth-parties with a relationship to more than one of your third parties.
And Step 4: Ask your third-party vendor to notify you any time they’re considering doing business with a significant fourth-party. You can request that they contractually commit to this.
It’s critical that you verify your third party has included adequate fourth-party oversight requirements within their own policies. It will affect you.
I hope you found this podcast insightful.
Thanks for tuning in; catch you next time!
Subscribe to our Third Party Thursday Newsletter
Receive weekly third-party risk management news, resources and more to your inbox.