3rd Party Risk Management , Governance

Developing a Robust Third-Party Risk Management Program

Jonathan Ehret of Third Party Risk Association Offers Tips
Developing a Robust Third-Party Risk Management Program
Jonathan Ehret, founder, Third Party Risk Association

Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association.

"There are a lot of organizations I have spoken to that think they have a robust program in place, when, in reality, it is not robust at all," Ehret says in an interview with Information Security Media Group. "They're doing the bare minimum - what I call 'check the box' auditing. ... They may not know what depth they need to get into."

Sharing information on third-party risks can play an important role in risk mitigation, he adds.

In this interview (see audio link below photo), Ehret also discusses:

  • Common mistakes made in vendor risk management;
  • Whether a global third-party risk framework would work;
  • Risk factors to keep in mind after mergers and acquisitions.

Ehret is the president and co-founder of the Third Party Risk Association, an Ankeny, Iowa-based non-profit professional association for third-party risk practitioners and vendors. He has more than 20 years of experience, the last 15 years specializing in information risk. He has helped to grow and mature various third-party risk teams in the finance and healthcare industries.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.