Third-Party Risk Management

Tom Garrubba


“Take calculated risks. That is quite different from being rash.”

George S. Patton

Third-party risk is front and centre for C-suites and boards of directors. As the digitised business landscape has expanded, so too has the role that third parties are playing in the day-to-day operations in your organisation. In addition, both industry and regulators have made it clear that – for organisations and the third parties that they do business with – data protection and privacy must remain top priorities. In this context, it is imperative to remember: you can outsource the work, but you cannot outsource the risk. This chapter will discuss the challenges and solutions surrounding third-party risk management.

What is a third party?

A third party is identified as any entity or person that works on behalf of an organisation, but is not an employee of that organisation. This includes consultants, contingent workers, clients, business partners, vendors, subcontractors, suppliers, affiliates and any other person or entity that accesses customer, company confidential/proprietary data and/or systems that interact with that data.

What is third-party risk and why does it

To continue reading...

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: