Small Business Tax Center
Small Business Ideas, Grants &
Plans to Start & Run a Business:

Small Business Grants
Network in Cyberschmooz Community Ask Questions Questions and Answers Share Tips Small Business Ideas List Your Business Business Advice from Idea Cafe Experts Coffee Talk with Experts Starting A Business Business Plan Biz Planning | Sample Plans Small Business Ideas Idea Name Your Biz Name Plan Your Biz Plan Financing $ Starting a Business Do It! Running your Business Marketing Tips Promotional Merchandise Marketing Tips Marketing | Sales | Customers Human Resources HR | Employees | Contractors Legal Forms & Tax Information Legal | Biz Forms Managing a Business Managing | Operations
Financing Resources Financing Your Business E Commerce & Webhosting eCommerce Take Out Info Trade Publications FREE Trade Publications Business Books Biz Books Your Own Business Small Business News Small Biz News Gen X Biz Gen X Biz Work at Home Work @ Home Business Information The Fridge - Biz Info on Ice Destress Send Awards Send Awards & Greetings Yoga At Your Desk Yoga @ Your Desk Fun Guide Guide to Find FUN Online About Idea Cafe Press Idea Cafe has received Idea Cafe in the News Idea Cafe's Kudos Kudos for Idea Cafe Advertise on Idea Cafe Advertise on Idea Cafe Privacy Policy Privacy Policy Contact Idea Cafe Contact Idea Cafe Link to Idea Cafe Link to/from Idea Cafe Join Idea Cafe
Search Idea Cafe Site Directory Site Map Online directory to business resources Biz Web Guide

Expert Answers to Biz Questions

Listen in! Pick up some expert advice to a reader's question that we selected from CyberSchmooz.

color business bar

Here’s What You Need to Know about Managing Third-Party Risk


Third-party risks are getting bigger than ever. Most companies these days -- even the smallest ones -- need to rely on third-party vendors for services, supplies, distribution, and even contractors. But these relationships can create opportunities for risk to impact your business.


That’s because what goes wrong in a vendor’s organization can easily affect, or in the case of issues like data breaches or cyber attacks, even spread to, your organization. If your third-party vendor doesn’t adhere to regulatory guidelines, your company could face sanctions. If your vendor’s lax security protocols enable a data breach, your reputation and security could be on the line. Managing these risks is an essential part of running a business today. Here’s what you need to know.

Risk Assessment Has Moved Beyond Procurement

The days when you only had to worry about assessing a vendor’s risk profile during the procurement process are over. But these days, things can change quickly in a vendor’s organization -- if there’s a data breach, or some other cyber event, for example, your vendor’s entire operation could shut down in a matter of hours, and if it doesn’t, that could just mean worse news for your organization as the security breach spreads.


And in the new regulatory landscape, there are other reasons to monitor vendor risk on a continuous basis. For example, efforts to curb corruption in the supply chain mean that, under the Foreign Corrupt Practices Act (FCPA), you could be held liable for the unlawful actions of third-party suppliers and vendors even if they’re not located in the U.S. And even if your organization successfully fights off the charges, the cost of defending yourself could be debilitating, especially for a smaller company.


Whether you’re hoping to fend off data breaches, provide regulatory oversight to protect your company from liability, protect your reputation, or just make sure that you have the supplies and services you need to operate, it’s imperative that you make third-party risk management an ongoing process of monitoring vendor profiles for changes in their risk level. With enough advanced warning, you can even better prepare your organization for harder-to-avoid risk events like natural disasters and geopolitical unrest.

Remain Vigilant Against Vendor Risk

According to one study by Deloitte, 87 percent of firms surveyed said they experienced a vendor risk event serious enough to disrupt operations, and 11 percent of those surveyed said the event was bad enough to result in a complete failure of the third-party relationship. Clearly, third-party risk is common, and no matter how long you’ve been working with a vendor, no third-party relationship is immune to risk.


Third-party risk management should be a priority at every level of your organization, and your vendor risk management program should have strong oversight. Align your approach to third-party risk management not with short-term gains, but with supporting your company’s mission and objectives.


Work together with vendors to build a framework for risk management into the relationship. Every interaction with a vendor should be done with managing risk in mind, as well as with meeting your strategic goals and collaborating to help the vendor meet theirs. Employees should be trained on how to implement risk management strategies and safeguards into their vendor interactions, and there should be standardized processes for managing risk.


It’s important not to take an emergency-focused approach, in which you wait for a risk event to happen and then respond to it. Instead, you should take a proactive approach that seeks to prevent emergencies and prepare your organization to cope with them when they do occur. You can save a lot of money, time, and stress by monitoring vendors for changes in risk status, and responding accordingly to prevent risk events like data breaches, reputational damage, or operational failure.


If you want to be in business today, you need to be able to negotiate successful and long-lasting vendor relationships. But these relationships don’t come without risks. Vendors can fail to meet their contractual obligations for any number of reasons, and they can create other risky situations when they fail to take seriously the ramifications of lax cyber security protocols or poor conduct abroad. Only when you maintain continuous risk monitoring can you hope to keep your company safe from third-party risks.


Small Business Tax CenterIdea Cafe HomeSign UpBiz Grant CenterCyberSchmoozCoffee Talk with ExpertsPeople in Biz ProfilesStarting Your BizBiz PlanningRunning Your BizFREE Trade PublicationsMarketingFinancing Your BizHuman ResourcesLegal & Biz FormsManaging Your BizeCommerceYou and Your BizGen XWork@HomeThe FridgeDe-StressSend an AwardSend an eGreetingYoga @ Your DeskWeb GuideIdea Cafe in the NewsAbout Idea CafeAdvertise on Idea CafeContact UsPrivacy PolicySite MapSmall Biz News

Copyright 1995-2024, Idea Cafe Inc. Downloads are for personal use only, not for resale to others, and may not be reprinted in any form without written permission from Idea Cafe Inc.

DISCLAIMER: We hope whatever you find on this site is helpful, but be cautioned that it may not apply to your own situation, or be totally current at any given time. Idea Cafe Inc. and all of its current and past experts, sponsors, advertisers, agents, contractors and advisors disclaim all warranties with regard to anything found anywhere on this family of websites, quoted from, or sent from Idea Cafe. and its related sites, publications and companies. We also take no responsibility for comments published by others on these pages.

TRADEMARKS: The following are Registered Trademarks or Servicemarks of DevStart, Inc.: Idea Cafe®, Online Coffee Break®, The Small Business Gathering Place®, Take out Info®, Biz Bar & Grill®, Complaint-O-Meter®, A Fun Approach to Serious Business™, CyberSchmooz™, and BizCafe™.