Due Diligence: A 4th Party Risk Guide

Due Diligence: A 4th Party Risk Guide

managed services new york city

Okay, so, like, due diligence for 4th party risk? managed it security services provider Its a mouthful, right?

Due Diligence: A 4th Party Risk Guide - managed service new york

  1. managed it security services provider
  2. managed it security services provider
  3. managed it security services provider
  4. managed it security services provider
  5. managed it security services provider
  6. managed it security services provider
(Seriously try saying it five times fast!). Basically, its about making sure your suppliers suppliers arent gonna screw things up for you. I mean, we all do due diligence on our direct vendors, right? Checking their financials, making sure theyre not, you know, totally shady. But what about the companies they use?


Thats where 4th party risk comes in. Think of it this way: you hire a company to manage your payroll (a 3rd party). But they use a cloud service to store all your employees social security numbers (a 4th party). If that cloud service gets hacked, guess whos holding the bag?

Due Diligence: A 4th Party Risk Guide - managed services new york city

  1. check
  2. managed it security services provider
  3. managed services new york city
  4. check
  5. managed it security services provider
  6. managed services new york city
  7. check
  8. managed it security services provider
  9. managed services new york city
  10. check
  11. managed it security services provider
You are!


So, how do you do due diligence on someone you dont even directly work with? Well, its tricky. You gotta ask your vendors the right questions. Like, "Hey, who are YOU using to do [insert important function here]?" "What kind of security do they have?"

Due Diligence: A 4th Party Risk Guide - check

  1. check
  2. managed services new york city
  3. managed it security services provider
  4. check
  5. managed services new york city
  6. managed it security services provider
"Can I see their SOC 2 report?" (If they even know what that is, lol).


Its not easy, and it can be a real pain in the butt, but its super important. Especially now, with everything being so interconnected. One weak link in the chain, and boom! Your whole operation could be compromised.


Honestly, a good 4th party risk program involves a mix of things. Contractual clauses (making your vendors responsible!), regular audits (if you can swing it), and just plain old good communication.

Due Diligence: A 4th Party Risk Guide - managed services new york city

  1. managed services new york city
  2. managed it security services provider
  3. managed services new york city
  4. managed it security services provider
  5. managed services new york city
  6. managed it security services provider
  7. managed services new york city
  8. managed it security services provider
You gotta build trust with your suppliers, and make sure they understand the importance of security, all the way down the line. managed it security services provider Its a team effort, really.


Dont ignore the small stuff either! A small vendor with lax security can be just as dangerous as a big one.

Due Diligence: A 4th Party Risk Guide - managed services new york city

  1. managed services new york city
  2. managed it security services provider
  3. managed services new york city
  4. managed it security services provider
  5. managed services new york city
  6. managed it security services provider
managed services new york city Think of it like this, they may have a small window in, but once they are in, there in!


managed services new york city

And its not a one-time thing! Due diligence is ongoing. You gotta keep checking in, keep asking questions, and keep monitoring the situation. The threat landscape is constantly changing, so you gotta stay vigilant! Its a never-ending battle, but hey, thats business, right?!

4th Party Risk: The Financial Impact