
Capability
Risk Treatment

Engage with the third party to address risk performance gaps in a timely manner.

What

Engage with third parties to address the tactical and systemic security-performance gaps that must be closed to achieve a satisfactory risk-management position.

Why

Reduce your risk exposure by holding your third parties accountable for meeting your risk management performance standards. Customer risk feedback to vendors that is timely, relevant, and actionable is a powerful motivator for third parties to do the right thing.

How

Provide your third parties with risk-prioritized action plans that guide them in addressing tactical and systemic risk. Set expectations for issue remediation timing and follow up on all commitments. Proper risk prioritization is essential to ensure that resources are deployed first to issues that matter most and only to issues that actually expose you to risk.

For more proactive engagement with your third parties, provide them access to continuous surface risk assessment results. With that access, third parties can proactively address issues that you would otherwise have to communicate.

| Practice | Status | Adoption |
|---|---|---|
| Share the assessment results with the third party. | Common | 87% |
| Share the assessment results with internal stakeholders. | Common | 80% |
| Record assessment results in a risk register. | Common | 53% |
| Hold third parties accountable for addressing the identified issues. | Common | 60% |
| Provide third parties ongoing access to continuous surface assessment results for their own organization. | Pioneering | 10% |
| Use a continuous surface security assessment capability to monitor areas of concern for improvement. | Pioneering | 23% |