Services > Risk & Compliance > Third-Party Risk

Third-Party Risk

One in five data breaches is caused by a lack of proper third-party vetting. As the reliance on third parties becomes greater, the urgency to build a program that addresses this risk grows. 
Third Party Risk Feature

Managing Third-Party Risk

Third parties of all sorts pose a direct risk to the security of your data. Some of the largest breaches in recent years were caused not by IT or financial services vendors, but by HVAC contractors, facilities maintenance contractors, and payment systems providers. Focal Point helps clients address this growing frontier in data privacy and security. We have designed and implemented third-party risk management programs for organizations of all sizes and bring this experience to each engagement, designing third-party risk management programs that meet your business needs and secure your assets.

Our Approach

Managing third-party risk can be nearly impossible on your own. Our approach scales up and down with your needs, eliminates assessment backlogs, and can often be delivered using software you already own.

Third-Party Profiles

We begin each third-party risk management assessment by developing a full profile for each of your vendors – classifying each vendor by service, data type, and inherent risk rating.

  • Vendor Profiles
  • Risk Ratings
  • Vendor Library

Risk Framework and Assessments

We then develop a custom risk management framework built around your needs. We distribute assessments to your vendors in the form of questionnaires or onsite visits, based on the vendor’s inherent risk rating.

  • Custom Framework
  • Questionnaire Development
  • Assessment Distribution

Risk Remediation

After completing the vendor assessments, we assign a final risk rating to the vendor, establish and document risk management practices, and assist you in setting up a system for continuous monitoring.

  • Risk Remediation
  • Continuous Monitoring

Reporting and Dashboarding

Focal Point creates dashboards for each audience within your organization – executives, business owners, and other team leaders – providing them with a clear view of risk to the business.

  • Tailored Reports
  • Dashboarding
  • Documented Efforts
Managed Support

Managed Support

Focal Point provides a subscription-based service to help you manage, continuously improve, and execute your third-party risk management program. This includes performing risk assessments on a fixed-fee basis with volume discounts.

Different from the Rest

At Focal Point, we take a different approach to managing cyber risk.

Our Expertise

Our team brings a range of security, privacy, and legal expertise, providing quick, valuable guidance on shifting regulatory standards.

Our Approach

Our custom framework establishes risk profiles for each third party, and allows for continuous monitoring and reporting dashboards.

Our Deliverables

We provide you with in-depth and customized deliverables that reflect your unique needs and environment, not generic templates.