New guidance for continuous monitoring of third party IT security risks

Published: Wednesday, 10 October 2018 08:38

The Shared Assessments Program has released its latest risk management guidance, ‘Innovations in Third Party Continuous Monitoring’, the latest addition to the organization’s Building Best Practices series. The series is provided as a free industry resource to security and IT professionals worldwide to drive risk management among digital ecosystem partners.

Third party IT security risks can cause millions of dollars in damages; recent analyst findings confirm that third party involvement was the top contributing factor that led to an increase in the cost of a data breach in 2017. Effective application of the ‘Observe-Orient-Decide-Act’ (OODA Loop) decision cycle principles described in the guidance enables organizations to improve situational awareness, increase risk management program ROI, and reduce compliance costs.

The OODA Loop helps organizational leaders:  

It helps risk management practitioners immediately identify:

“While using third parties can benefit corporate strategy, third parties can also increase both the firm’s operational risk and the costs associated with effectively managing that risk,” said Caree Wagner, managing director, Corporate Operational Risk Management – Third Party Operational Risk at BNY Mellon; Continuous Monitoring Working Group Co-Chair and contributor to the third party risk management paper. “The traditional, static risk assessment process is expensive to execute and may not identify emerging risks until it’s too late. This paper aims to outline how complementing traditional risk assessment processes with a continuous monitoring program can provide more real-time opportunities to identify and mitigate third party risk.”

‘Innovations in Third Party Continuous Monitoring’ may be downloaded here (registration required).