FPRM is the new TPRM

The recent Accellion-related breaches (a recent one here) are shining a light not just on third-party risk management (TPRM), but also on fourth-party risk management (FPRM).

When we bring on a new service provider, in a healthy TPRM program, we assess the service provider’s security (and maybe privacy) programs to see whether their security posture is something we can live with. I see a new set of questions to be asking our third parties, including:

  • What third-party service providers do your third parties send your data to?
  • What third-party service providers are used to facilitate data transfer and other aspects of your service?

TPRM managers – these recent incidents should be sending us back into our methodologies to ensure we don’t have blind spots.

That is all.
