Educate internal stakeholders about third-party risk and their responsibilities in ensuring it is properly managed. Inform third parties of their obligations during the onboarding process and periodically going forward.
Training internal stakeholders helps ensure the program is successfully integrated into their operations. Keeping third parties aware of your risk management expectations enables them to proactively address potential gaps.
Create a third-party risk management training program that informs stakeholders of their role-specific responsibilities and motivates their participation.
Provide third parties with periodic updates on security performance expectations. Meet periodically with critical third parties for one-on-one risk collaboration.
| Provide internal stakeholders with third-party security risk awareness and management process training. | Common | 67% |
| Train third parties on your vendor security requirements. | Pioneering | 23% |
| Require that third-party personnel with sensitive access to your assets individually take your security awareness and policy training. | Pioneering | 7% |
| Meet periodically with the most critical vendors to openly discuss current and emerging security concerns. | Pioneering | 7% |
| Periodically host general security awareness events for your third-party community. | Pioneering | 7% |