Checklist for Framing and Assessing Third-Party Risk

Effective risk management involves four basic measures: (1) framing the risk; (2) assessing the risk; (3) responding to the risk; and (4) monitoring the risk. Building or enhancing a third-party risk management (TPRM) program to address third parties’ compliance with data protection and privacy regulations should include each of these steps. This checklist, derived from our previous in-depth coverage on managing third-party vendor privacy and data security risks, is intended to serve as a guide for the first two measures of a successful TPRM program – framing and assessing the risk. See “The Increasing Threat of Supply Chain Cyberattacks: How to Avoid Being a Statistic” (Sep. 28, 2022).
