Since third parties and the services provided are critical for the continuity of the company’s own activities and the accessibility of its own services, it is inevitable that the risks arising from these are also a part of the company’s risk management process.
Especially for critical infrastructure sectors, these risks can have effects on the national level and public order, in addition to their effects on the company.
Third-party risks are included under Operational Risks, which are handled in the general risk management process of the institutions. When addressing these risks, it is important to take into account the risks related to the components of the service supplied from third parties, as well as the financial, reputation, compliance and subcontractor risks arising from the supplier itself. Within the framework of this holistic view, all stages, starting from the identification of candidate suppliers, supplier selection and service levels in the procurement phase and ending with the service, must be addressed in the risk assessment process. The human resources that provide the services procured from third parties, the processes they carry out and the technologies they use to provide this service should be evaluated as a whole.
US telecommunications company T-Mobile has been subject to many security breaches in recent years. The breach that occurred in January 2023 was one of the largest data breaches in the company’s history. In this breach, 37 million customers were affected, with customer addresses, phone numbers and dates of birth stolen by a threat actor.
A second incident, announced in April 2023, affected only 800-odd customers. But this case involved many more data points, including T-Mobile account PINs, Social Security numbers, government-issued identification information, dates of birth and internal codes the firm uses to service customer accounts.
US-based genetics and research company 23andMe announced that the data of approximately 20 million users was stolen. It was stated that the data breach was carried out by a threat actor who used classic credential stuffing techniques to access user accounts.
Users affected by the breach include those using the DNA Relatives service. This service allows users to find relatives who share their genetic ancestry. Through this service, the threat actor was able to access many more data points, such as users’ profile photos, gender, year of birth, location, and genetic ancestry results.
The Electoral Commission, the UK’s independent regulator of party and election financing, revealed in August that threat actors had stolen the personal information of an estimated 40 million voters.
The data affected by the breach included voters’ names, addresses, dates of birth, phone numbers and email addresses. Threat actors can use this data in a variety of ways. For example, they can use this data to launch phishing attacks, target ads, or blackmail voters.
To prevent reputational and financial losses, all institutions must manage third party risks continuously and effectively.
In accordance with the legal regulations in our country, institutions with critical infrastructure in the “Electronic Communications”, “Energy”, “Finance”, “Transportation”, “Water Management” and “Critical Public Services” sectors are legally obliged to manage third party risks.
As Forcerta, we have created Forcerta TRiM Service packages to enable our competent technical experts to carry out the end-to-end 3rd Party Risk Management needed by institutions in accordance with the legislation in our country. The scope of this service is generally as follows:
In accordance with the needs of institutions, Forcerta has created three different TRiM Service Packages and Optional Additional Service Packages. All of these service packages include the management of the institution’s own risks within the same scope.
TRiM Standard Forceps:
If you want to reveal your company’s current 3rd party risks and perform sector-comparative 3rd party risk management that can be monitored continuously and in real time, contact us immediately.
We are at your service with our end-to-end 3rd party risk management service in accordance with legal regulations.
If you would like to get more detailed information about our Forcerta TRiM Service, please fill out the form below.