Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

The OCEG GRC Illustrated Series: Addressing Third-Party InfoSec Risk

White Paper, February 8, 2017

Download now

In order to provide great material to you for free our sponsors ask we pass on your details. By downloading this white paper you consent to your details being shared with the sponsor and a free Compliance Week account being created for you.

Information security is the risk topic of the year. Following the many cyber-breaches reported in 2016, most companies are setting focus on securing their own networks and data. But preventing the theft of sensitive information from third-party systems and personnel adds a new layer of complexity that must be addressed.

Despite incredible advances in technology and enhanced regulatory interest, the number of cyber-attacks involving access through third parties has grown dramatically. This isn’t surprising given that more than 80 percent of companies outsource some aspects of their business operations to third parties. The tasks third parties perform are becoming more customer-facing, including sales, distribution, and support services. As a result, third parties can have a more direct impact on a company’s reputation.

Managing the process of verifying, remediating where necessary and monitoring the effectiveness of third party controls demands the use of sophisticated and mission-designed technology. In this Illustration, we define the key steps of the process and identify what the future holds for third party information security management.