
Third-Party Risk Management

According to the Ponemon Institute, one in five data breaches is caused by a lack of proper third-party vetting.  Many of these breaches have been massive, exposing the data of millions of consumers and receiving extensive media coverage. Despite these incidents, many organizations have failed to invest in adequate third-party risk management programs. 

As the reliance on third parties becomes greater, the urgency to address this risk grows.  Third parties of all sorts pose a direct risk to the security of your data.  Some of the largest breaches in recent years were caused not by IT or financial services vendors, but by HVAC contractors, facilities maintenance contractors, and payment systems providers.  These breaches have put tremendous public and regulatory scrutiny on the way companies vet the vendors who touch sensitive data.

Expert Third-party Management Program Development

Focal Point helps clients address this growing frontier in data privacy and security. We have designed and implemented third-party risk management programs for organizations of all sizes. Our privacy experts bring this experience to each engagement, designing third-party risk management programs that meet your business needs and secure your assets. These projects often include:

  • Customizing a program that accommodates all types of third parties;
  • Establishing mechanisms to effectively identify and manage the population of third parties;
  • Defining appropriate privacy, security and compliance requirements for third parties based on inherent risk profiles;
  • Performing on-site and remote third-party risk assessments;
  • Defining processes and templates that facilitate the execution of due diligence and monitoring practices;
  • Creating reporting metrics that allow for visibility into third-party risks to enhance enterprise decision-making capabilities; and
  • Presenting third-party risks to senior leadership teams.

Proven Third-party Risk Management Methodology

Focal Point follows a proven five-step process, which we tailor to meet the needs of each client.

Third-Party Profiles

Each third-party risk management assessment begins with developing a full profile for each of your vendors – classifying each vendor by service, data type, and inherent risk rating.

Customized Framework Development

Focal Point builds a custom risk management framework around your needs and concerns.

Third-Party Assessments

Assessments range in complexity from self-assessment questionnaires to full third-party assessments, depending on the vendor’s inherent risk rating.

Risk Remediation

We establish and document ongoing risk management practices for continuous monitoring of third parties.

Reporting and Dashboarding

Focal Point creates report dashboards for each audience – executives, business owners, and other team leaders.

