Engage with third parties to address tactical and systemic security-performance gaps necessary to achieve a satisfactory risk-management position.
Reduce your risk exposure by holding your third parties accountable to meeting your risk management performance standards. Customer risk feedback to vendors that is timely, relevant, and actionable is a powerful motivator for third-parties to do the right thing.
Provide your third parties with risk-prioritized action plans that guide them in addressing tactical and systemic risk. Set expectations for issue remediation timing and follow up on all commitments. Proper risk prioritization is essential to ensure that resources are deployed first to issues that matter most and only to issues that actually expose you to risk.
For more proactive engagement with your third parties, provide them access to continuous surface risk assessment results. With access to continuous surface assessment results, third-parties can proactively address issues that you would otherwise have to communicate.
|Share the assessment results with the third party.||Common||87%|
|Share the assessment results with internal stakeholders.||Common||80%|
|Record assessment results in a risk register.||Common||53%|
|Hold third parties accountable to addressing the identified issues.||Common||60%|
|Provide third parties ongoing access to continuous surface assessment results for their own organization.||Pioneering||10%|
|Use a continuous surface security assessment capability to monitor areas of concern for improvement.||Pioneering||23%|