Third-Party Risk

One in five data breaches is caused by a lack of proper third-party vetting. As the reliance on third parties becomes greater, the urgency to build a program that addresses this risk grows. 

Managing Third-Party Risk

Third parties of all sorts pose a direct risk to the security of your data. Some of the largest breaches in recent years were caused not by IT or financial services vendors, but by HVAC contractors, facilities maintenance contractors, and payment systems providers. Focal Point helps clients address this growing frontier in data privacy and security. We have designed and implemented third-party risk management programs for organizations of all sizes, and we bring that experience to each engagement to build a program that meets your business needs and secures your assets.

Our Approach

Managing third-party risk can be nearly impossible on your own. Our approach scales up and down with your needs, eliminates assessment backlogs, and can often be delivered using software you already own.

Third-Party Profiles

We begin each third-party risk management assessment by developing a full profile for each of your vendors – classifying each vendor by service, data type, and inherent risk rating.

  • Vendor Profiles
  • Risk Ratings
  • Vendor Library

Risk Framework and Assessments

We then develop a custom risk management framework built around your needs. We distribute assessments to your vendors in the form of questionnaires or onsite visits, based on the vendor’s inherent risk rating.

  • Custom Framework
  • Questionnaire Development
  • Assessment Distribution

Risk Remediation

After completing the vendor assessments, we assign a final risk rating to the vendor, establish and document risk management practices, and assist you in setting up a system for continuous monitoring.

  • Risk Remediation
  • Continuous Monitoring

Reporting and Dashboarding

Focal Point creates dashboards for each audience within your organization – executives, business owners, and other team leaders – providing them with a clear view of risk to the business.

  • Tailored Reports
  • Dashboarding
  • Documented Efforts

Managed Support

Focal Point provides a subscription-based service to help you manage, continuously improve, and execute your third-party risk management program. This includes performing risk assessments on a fixed-fee basis with volume discounts.

Different from the Rest

At Focal Point, we take a different approach to managing cyber risk.

Our Expertise

Our team brings a range of security, privacy, and legal expertise, providing quick, valuable guidance on shifting regulatory standards.

Our Approach

Our custom framework establishes a risk profile for each third party and supports continuous monitoring and reporting dashboards.

Our Deliverables

We provide you with in-depth and customized deliverables that reflect your unique needs and environment, not generic templates.

Featured Insights

The latest opinions, guidance, and trends from the most innovative thinkers in third-party risk management.
White Paper

Understanding the Vendor Management Lifecycle

In this paper, we highlight the vendor management lifecycle and walk through the step-by-step process of building a sound vendor risk management program. This paper will provide you with guidance on...
Blog

Top Trends in Third-Party Risk Management

Roughly 61% of U.S. companies have experienced a data breach caused by a third party. To address this risk, many organizations are changing their approaches to third-party risk management...
White Paper

The Future of Integrated Risk Management

Many leading organizations are moving away from traditional Governance, Risk, and Compliance (GRC) models and building Integrated Risk Management (IRM) programs...