PART THREE:

RESOLUTION

BEFORE:

No final resolution around the risk in question.

AFTER:

Stronger determination from third parties to see resolution through to the end.

Lastly, teams must track the third party’s remediation efforts from beginning to end. The goal is to ensure the issue gets resolved and no longer poses a significant risk to the company.

TRANSFORMING THE RESOLUTION PROCESS

THE OLD WAY:

Companies often struggle to reach a final resolution with their third party risk remediation efforts.
  • If an organization uses an intelligence tool, the best they can do to move the process forward is to encourage the third party to log onto the specific platform and submit a dispute to close the finding.
  • Then it may take days for the tool to review and approve the submission.
  • Even after the finding is officially closed, it’s typical for the third party’s overall rating not to update — especially with legacy solutions that use black box techniques to calculate the score.
  • Because this whole process is so laborious, most third parties don’t bother to see it through to the end.

THE NEW WAY: STREAMLINING RESOLUTION

As we discussed in the previous section, third parties often get overwhelmed by panicked messages when a security event happens. To encourage your third parties to see resolutions through to the end, foster a mutual relationship that gives third parties a “path of least resistance” for mitigating your concerns. Here are a few ways to do so:

1. ) TREAT THIRD PARTIES LIKE PARTNERS

Share targeted information that offers clear insights and eliminates uncertainty or vagueness whenever possible. You can’t just send a bunch of information to a third party and expect them to do something; it needs to be a team effort.

2. ) USE A TOOL THAT UPDATES THIRD PARTY RATINGS IMMEDIATELY

Many third parties lose track of the process while they wait for different levels of bureaucracy to approve and resolve all disputes before providing results. So, it’s important to leverage a tool that doesn’t follow such a long workflow.

3. ) JOIN A NETWORK THAT SHARES THIRD PARTY SCORES

If several customers are part of the same network, the third party’s efforts can be multiplied. For instance, if they respond to one customer, other customers with similar concerns can see the response and save time in their third party outreach efforts.

NOW LET'S PUT THESE BEST PRACTICES INTO ACTION

NEXT PAGE →