A key challenge facing enterprises across geographies is evaluating third-party risks to ensure proper protection of sensitive data against cyberthreats and data breaches.
Among the issues, says Robin Slade, executive vice president and COO of Santa Fe Group, a U.S.-based consulting firm, is that the risk evaluation process followed today is inefficient and costly for all parties involved.
"Even in the heavily regulated financial sector, challenges related to third-party risk exist as CISOs deal with many forms of risks emerging from technologies such as cloud, mobility and others," Slade says. "This is no different among enterprises from the Asia Pacific region."
Slade recommends that organizations adopt the collaborative shared assessment approach to managing third-party risk. The Santa Fe Group has long advocated shared assessments for financial services organizations in the U.S., and recently teamed up with consulting firm Protiviti to prepare a 2015 Vendor Risk Management Benchmark Study that also calls out the needs of healthcare organizations and other sectors (see Vendor Risk Management Shortfalls).
But managing third-party risk is not just a U.S. challenge, Slade says, nor is it limited solely to the financial and healthcare sectors. It's a global challenge, and organizations must start to tackle it collaboratively, she says.
"Risk management methods or processes should not be treated as a competitive issue," Slade says, making the case for shared assessments. "Peer collaboration will enable practitioners to understand the nuances of various methods and standards that the third parties are using in developing a risk assessment framework."
Slade will discuss this topic at RSA Conference Asia Pacific & Japan. Her session, Peer Collaboration - The Next Best Practice for Third-Party Risk Management, is being presented on Friday, 24 July, in Orchid Room 4301 at the Marina Bay Sands convention center in Singapore.
In this exclusive interview with Information Security Media Group, Slade offers insights on the third-party risk management challenges for enterprises. She discusses:
- The steps CISOs need to take in developing risk frameworks;
- Details of the shared assessments model for third-party risk evaluation.
At the Santa Fe Group, Slade leads the Shared Assessments Program - a member-driven consortium focused on third-party risk management. Previously, Slade managed the BITS Fraud Reduction Program. She co-founded and is president/CEO of the Foundation for Payments Fraud Abatement and Activism.