Pineville, NC (December 21, 2021) – A new Foundation research report, Third-Party Risk Management: Taming The Beast Using Information Governance” by Sofia Empel, PhD, CRM.

Organizations are increasingly leveraging third parties to achieve strategic objectives, AIEF efficiencies, and access expertise. Data once stored internally by organizations may now be managed and stored by third parties outside an organization’s environment. Regulators, stakeholders, and especially the organizations expect third parties to protect and manage this data with the utmost diligence. This paper provides an overview of the third-party risk management process and focuses on the data-related risks posed by third parties and the strategies to mitigate those risks.

Sofia Empel, PhD, CRM, IGP, is the Director, Information Governance at a healthcare data analytics company. She leads the company’s enterprise-wide third-party risk management program for the Compliance Department. Dr. Empel previously worked as an information management consultant specializing in program development, training, technology implementation, and analytical services. She often teaches, writes, and speaks on information management topics. She was a 2010 Foundation scholarship recipient and served on the Foundation’s Research Committee from 2015 to 2018.

This report and others are available at no charge to interested information management professionals at:

The Foundation is a leading organization that embraces the practical and scholarly knowledge of information management by funding and promoting research, scholarship, and educational opportunities for information management professionals. The Foundation is a non-profit corporation with 501(c) 3 tax exempt status in the US. For additional information, please visit: We welcome all information management professionals to join us on social media.