
Capability
Training and Awareness

Promote the third-party risk program, informing stakeholders of relevant
policies, standards, and operating procedures. Keep third parties informed of
performance requirements.

What

Educate internal stakeholders about third-party risk and their responsibilities in ensuring it is properly managed. Inform third parties of their obligations during the onboarding process and periodically going forward.

Why

Training internal stakeholders helps ensure the program is successfully integrated into their operations. Keeping third parties aware of your risk management expectations enables them to proactively address potential gaps.

How

Create a third-party risk management training program that informs stakeholders of their role-specific responsibilities and motivates their participation.

Provide third parties with periodic updates on security performance expectations. Meet periodically with critical third parties for one-on-one risk collaboration.

| Practice | Status | Adoption |
|---|---|---|
| Provide internal stakeholders with third-party security risk awareness and management process training. | Common | 67% |
| Train third parties on your vendor security requirements. | Pioneering | 23% |
| Require that third-party personnel with sensitive access to your assets individually take your security awareness and policy training. | Pioneering | 7% |
| Meet periodically with the most critical vendors to openly discuss current and emerging security concerns. | Pioneering | 7% |
| Periodically host general security awareness events for your third-party community. | Pioneering | 7% |