It’s Turtles All the Way Down

A mythological explanation of the world states that the flat earth rests on the back of a giant turtle, which itself rests on the back of an even larger turtle. That turtle rests on a still larger turtle, and so on, forever.

Third-party risk management is like the epistemological stack of world turtles: each organization obtains goods and services from yet other organizations, and so on with no apparent end. All organizations are at least partly dependent upon others for goods or services essential for delivering goods or services to their customers.

So, where does it all end? Depending upon the industry and the criticality of individual goods or services, third party risk management generally vets critical vendors, and determines whether those vendors have effective third party risk management programs.

We’re all in this together.

— excerpt from an upcoming book on information security management


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.