Implement processes to identify new third parties and changes to existing third parties.
You can’t manage what you don’t know. Identifying new third parties and changes to existing third-parties enables you to engage your risk processes.
If you are starting a new program, analyze the vendors in the procurement database to create your initial population. Then periodically analyze the procurement database to identify venders that were missed.
Tie into the procurement processes to engage new vendors. Hook in to the project management program and business owners to identify new third parties early and existing ones that you missed.
|Seed your program with active vendor records in the procurement database.||Common||70%|
|Implement explicit procurement process gates to be included in contracting with new third parties.||Common||73%|
|Implement explicit IT process gates to be involved in projects that require new third-parties or changes to existing third-parties.||Common||37%|
|Build relationships with business owners to identify opportunities to support their new and existing third-party relationship needs.||Pioneering||13%|
|Periodically analyze the procurement vendor database to identify third parties that aren’t already under management.||Common||60%|
|Analyze network traffic logs / web activity to identify identify unmanaged third-parties.||Emerging||30%|