Third-Party Risk Management: Taming the Beast Using Information Governance (2021)

by Sofia Empel, Pd.D, CRM


Organizations are increasingly leveraging third parties to achieve strategic objectives, improve efficiencies, and access expertise. Data once stored internally by organizations may now be managed and stored by third parties outside an organization’s environment. Regulators, stakeholders, and especially the organizations expect third parties to protect and manage this data with the utmost diligence. This paper provides an overview of the third-party risk management process and focuses on the data-related risks posed by third parties and the strategies to mitigate those risks.