Emily Shipman

Work Smarter, Not Harder to Manage Third Party Risk

Blog Post created by Emily Shipman Employee on May 21, 2019

Wouldn’t it be great if the size and resources of your third-party risk management team actually kept pace with your growing number of third parties? Hey, it never hurts to dream. But in case that dream never becomes a reality, RSA Archer has got your back.


Third-party relationships aren’t just growing in number and complexity -- they’re also growing in their potential impact to your business. As innovative companies lean into digital transformation, they’re increasingly leveraging third parties to host new infrastructure, improve customer experiences, and fuel digital-native products. So as our reliance on third parties grows, we have to ask ourselves how our risk management can work better, smarter, and faster.


Third-party risk management has traditionally been limited to questionnaires. These assessments remain important today, but they leave several gaps in effective risk management. First, they only tell you the risk at the "point in time" the assessment is conducted. Second, they only tell you what the third party knows and wants you to hear. They do nothing to illuminate security gaps that a vendor isn’t aware of. They tell you which controls are in place, but leave you with no assurance that those controls are operating effectively. And lastly, they’re just downright time-consuming for everyone involved, from respondents to reviewers. In a world where third parties are critical to bringing new products to market, that means hindering the pace of progress for the entire business.  


So how can we do risk better? The key is to maximize efficiency and minimize risk. Doing that means focusing on protecting value at risk. This requires having context for what matters to the business and where the value lies. But it’s not enough to just identify risk. Effective risk management also requires action.


That’s why we’re so excited to announce the new RSA Archer Third Party Security Risk Monitoring use case. While questionnaires and risk rating services alone only provide a partial view of risk, RSA Archer now enables you to build the complete picture. This new RSA Archer use case brings together business context, technical valuation powered by machine learning, objective verification of operating effectiveness, and actionable workflow to provide the most efficient, effective approach to risk management.


With both questionnaire-based assessments and new continuous monitoring of a third party’s internet presence, you can focus on how risk is actually implemented and operated. Prioritizing actions based on inherent business risk, asset value, and known defficiencies keeps you focused on what matters most. RSA Archer’s powerful workflow engine then ensures that the most critical issues get triaged both internally and externally for immediate response. As part of the broader RSA Archer platform for integrated risk management (IRM), you can also maximize the business value of your risk management program by providing a single place to share third party risk dashboards with stakeholders from the first line of defense, compliance, business resiliency, information security, and more.


Interested in taking your third-party risk program to the next level? Join us on Wednesday, May 22, 2019 at 11:00 AM Eastern for our webinar, "Third Party Risk Management: Making Sense of Your Vendor Data." To sign up, register here. Learn more about the new RSA Archer Third Party Security Risk Monitoring use case and be sure to join us for a Free Friday Tech Huddle on June 14, 2019.