Determining who your critical vendors are is a key party of the third party risk management process. In this 90-second video, you will hear more about important questions to ask yourself in order to figure out which of your vendors are critical and non-critical.
Hi – I’m Branan Cooper with Venminder.
In this 90-second video, you are going to learn 3 key questions to help you determine which of your vendors are critical and non-critical to your organization.
Critical vendors are judged on how they will impact your business. We’ve seen the following 3 questions guide hundreds of organizations. Make sure to ask yourself all 3 questions for EVERY SINGLE VENDOR in your scope.
First question: Would the sudden loss of this third party cause a significant disruption to our business?
Second question: Would the sudden loss impact our customers?
And finally, the third question: Would the time to restore service without this third party be greater than one business day? Or greater than what our organization’s business continuity plan calls for as a recovery time?
If you answered YES to any of those questions, then your third party is critical and you’ll want to develop contingency plans.
Remember, make sure not to confuse the terms “critical” and “high risk”.
Critical vendors are judged on how they will impact the business and high, moderate or low risk describes the regulatory related risks (like operational, compliance and reputation to name a few).
See you next time.