Third-Party Risk Management

This post discusses questions and considerations to make sure your company can stay in business during supply chain disruptions.

Recently, NAVEX hosted a webinar that discussed best practices on how to assess and mature third-party and IT risk management programs. This post is dedicated to answering the questions we received during the webinar.

Each year, NAVEX publishes the Top 10 Trends in Risk and Compliance. This publication features trends and predictions for the year to come and features contributions from experts in the industry. In this article Michael Volkov, Carol Williams and Susanna Cagle discuss three pillars to address in order to holistically manage third-party risk: regulatory, enterprise and ESG risks.

The recent passage of the Strengthening American Cybersecurity Act of 2022 in the Senate indicates growing attention to cybersecurity threats to critical infrastructure. Escalating events related to the Russian invasion of Ukraine and increased cybersecurity attacks make the call for increased security and regulated reporting requirements timely. In this article, we discuss what the passage means and the considerations all businesses (regardless of industry) should make.

When evaluating traditional vs. enterprise risk management (ERM), it’s natural to think it’s all about “risk.” But ERM is about more than minimizing the negative. Learn how ERM can help organizations focus on the right risks, at the right time, and in the right amount.

Organizations need to understand and manage the cybersecurity risk third-parties can present. Traditionally, security teams have used annual security assessments to assess third-party risk. However, this poses several challenges to security teams. Learn the benefits of monitoring cybersecurity risk continuously, and the risks of not doing so.