Experts Advocate for Routine Vendor Risk Assessments Rather Than One-Time Evaluations
As the complexity of vendor ecosystems increases, many organizations still manage third-party risk primarily during the onboarding process. While initial assessments often rely on comprehensive questionnaires to gauge vendor risk, companies frequently neglect to monitor how these risk profiles evolve post-engagement.
“Organizations need to shift from sporadic reviews to continuous oversight,” asserted Lance Mueller, President of The Digital Trust Ecosystem. “A one-time assessment is insufficient; the threat landscape continuously evolves, vendor operations can change, and new risks can emerge mid-contract. The gaps in monitoring between vendor onboarding and offboarding pose significant risks to organizations.”
Mohammad Barakat, Co-Chair of the ACFCS MENA Chapter, emphasized the operational challenges of maintaining ongoing assessments without overwhelming either vendors or internal teams. “Organizations should utilize automation and integration,” Barakat explained. “By implementing tools that mesh with existing vendor platforms, organizations can streamline risk data collection and analysis, thus reducing the manual workload and ensuring current risk profiles without excessive vendor communication.”
In a recent video conversation with Information Security Media Group, Mueller and Barakat addressed several critical topics, including key indicators to watch during vendor onboarding, how international conflicts and trade disruptions are altering vendor risk exposures, and strategies to discover fraudulent activities post-onboarding.
Barakat brings extensive experience advising financial institutions, regulators and regional governments on anti-money laundering and counter-terrorism financing frameworks, governance structures and cyber resilience across sectors such as banking, telecommunications and international development. His work bridges the gap between regulatory requirements and operational realities.
Mueller works with thousands of organizations to help them accurately communicate their cybersecurity programs. He has substantial expertise in managing third-party and vendor risk and is well-positioned to guide organizations through the complexities of vendor management in today’s threat landscape.