Fourth party risk is an important step in the vendor management process. In your contract with every one of your third party vendors, you should include how you want your third party to handle communicating with you about a fourth party vendor. Here are some fourth party risk management steps you should take to better protect your organization.
Also available on:
Hi – my name is Gordon Rudd with Venminder.
In this 90-second podcast, you’re going to learn a little more about fourth party vendor risk management and what it entails.
At Venminder, we have a team of experts who specialize in managing third party and fourth party vendor risk, so we know a thing or two about those fourth parties.
A fourth party provides a product or service to your third party vendor, so your third party vendor has a direct contract with them. Remember, in your contract with every one of your third party vendors you should include how you want your third party to handle communicating with you about a fourth party vendor.
Here are four steps to assist with fourth party vendor risk management:
Step 1: Understand the due diligence that should be performed on a critical fourth party vendor. A quick tip is to do as much due diligence on your fourth party vendor as you would on your third party vendor.
Step 2: Determine the fourth parties you should monitor. If they have access to your organization’s or customer’s confidential information, then they should be monitored.
Step 3: Go ahead and build out a matrix outlining the following to help keep the oversight clear:
And Step 4: Ask your third party vendor to notify you any time they’re considering doing business with a significant fourth party. You can request that they contractually commit to this.
It’s critical that you verify your third party has included adequate fourth party oversight requirements within their own policies. It will affect you.
I hope you found this podcast insightful.
Thanks for tuning in; catch you next time!