Even though you don't have a direct contractual relationship with your fourth parties, you still need to do proper due diligence on them. We'll cover how to go about that by using your third party and what to include in your vendor contracts.
Welcome to this week’s Third Party Thursday! My name is Ashley Roberts and I’m a Relationship Manager and Paralegal here at Venminder. Today we are going to talk about fourth parties and the need to consider them when reviewing your third party contracts. In the past we’ve covered what a fourth party is, but let’s still review that now.
So what is a fourth party and why should you care about them?
As we know, a third party is a company with whom you have a direct contractual relationship. A fourth party is a critical third party to your third party and generally one with whom you do not have a direct contractual relationship with. But they are companies that are critical in the delivery of your product, service or housing your customer’s data… so that fourth party is one that you really need to dig into and understand as much about as you do your third party.
Now there’s an element of complexity involved with this. Since you don’t have a direct contractual relationship with that fourth party, you may have to rely on your third party to gather that information or you may have to rely on your third party's own third party risk management program in order to dig in and understand the nature of the relationship.
Either way, it’s incredibly important because anywhere your customers’ data resides you want to make sure you are understanding what threats may be inherent in that environment, so you really want to work closely either with your third party or with their fourth party to ensure that your customers’ data is protected at all times.
And this isn’t just in the course of the normal day-to-day relationship, while that’s critically important, you also need to understand potential vulnerabilities even after that relationship ends. So what’s the best way to go about this? Through your third party contract.
You should contractually commit your third party to:
But, you should put some procedures in place to govern how your third party is handling those. By doing so, you’ll ensure data is secure and hopefully make things a lot more efficient and smooth for future interactions.
Again, I’m Ashley and thanks for tuning in to this week’s third party Thursday; if you haven’t already done so, please subscribe to our series.