Fourth-Party Vendor Risk Management

Podcast Transcript

In this 90-second podcast, you’re going to learn a little more about fourth-party vendor risk management and what it entails.

At Venminder, we have a team of experts who specialize in managing third party and fourth-party vendor risk, so we know a thing or two about those fourth parties.

A fourth-party provides a product or service to your third party vendor, so your third-party vendor has a direct contract with them. Remember, in your contract with every one of your third-party vendors you should include how you want your third party to handle communicating with you about a fourth-party vendor.

Here are four steps to assist with fourth-party vendor risk management:

Step 1: Understand the due diligence that should be performed on a critical fourth party vendor. A quick tip is to do as much due diligence on your fourth party vendor as you would on your third-party vendor.  

Step 2: Determine the fourth parties you should monitor. If they have access to your organization’s or customer’s confidential information, then they should be monitored.

Step 3: Go ahead and build out a matrix outlining the following to help keep the oversight clear:

• First, list the third-party
• Next, list the fourth-party
• Third, include the relationship between the third and fourth-party
• And finally, list any fourth-parties with a relationship to more than one of your third parties.

And Step 4: Ask your third-party vendor to notify you any time they’re considering doing business with a significant fourth-party. You can request that they contractually commit to this.

It’s critical that you verify your third party has included adequate fourth-party oversight requirements within their own policies. It will affect you.

I hope you found this podcast insightful.

Thanks for tuning in; catch you next time!