This message was posted by a user wishing to remain anonymous
I suggest at a minimum gathering an Nth Party inventory. Nth Party Inventory should include at least some minimal data on the Nth Party (vendor using the Nth Party, service provided, service location(s), data access status, vendor's TPRM adequacy, etc.)
Concentration risk has been a frequent concern in the Nth Party discussion as has vendor's TPRM adequacy.
Buyer be ware: Direct DD on Nth Parties can be difficult since you are not their customer. As they say, "make sure the juice is worth the squeeze".
Original Message:
Sent: 08-10-2021 10:25 AM
From: Anonymous Member
Subject: 4th Party Risk Management
This message was posted by a user wishing to remain anonymous
Hi
I'm looking for insights in how other organisations address 4th party risk management - is this largely left to third parties to manage or do you have any direct due diligence and monitoring of 4th parties? Would love to hear about any frameworks and models used in this topic
Thanks in advance