Forcerta TRiM
Third Party Risk Management Service

Corporations run their businesses with their availability, cost and risk measures. When the business is dependent on IT, the services outsourced to third parties also have the same metrics, especially related to risk. This requires the companies to integrate the risk management of third parties into thier own monitoring processes.

Handling of such risk is related to business, risk appetite, sector and regulations, which defines the levels of third party risk management criteria.

Kurumsal Riskler - Corporate Risks

Third party risks are handled under general risk management processes. While considering these risks, not only the risks of the outsourced service components’ risk, but also the risks of the providers (financial, reputational, compliance, sub-contractor) need to be considered. With this holistic view approach, the providers need to be monitored starting from the candidate status, until the end of the contract.

Supplier Risks Have Significant Impact

Orion, the network management product developed by SolarWinds, which offers solutions for information technology infrastructure management of institutions, is used in +33.000 institutions around the world.

After a subcontractor of SolarWinds was hacked in 2020, a malicious software (trojan horse) injected into the Orion software unknowingly was distributed to +18,000 customers around the world with a system update. This vulnerability, which lasted months, was uncovered by root cause investigation of a data leak in a customer.

SolarWinds 3ncü taraf risk yönetim zaafiyeti

Cyber Attack on Supply Chain Caused data leakage in some airlines.

The cyber-attack against 90% of airline companies, SITA, resulted in the leaking of frequent flyer customer data.

SITA 3rd party risk

As a result of a security vulnerability in the Microsoft Exchange server that emerged at the beginning of 2021, +30.0000 institutions were hacked in 115 countries around the world.

What is Third Party Risk Management?

3nü Taraf Risk Yönetimi
  • Defining Risks: Define any cause of a possible loss
  • Analyzing Risks: Evaluate and measure the risks related to the possibility for a loss
  • Defining the remediation Activity: Make a choice: minimize, avoid, transfer or accept the risk
  • Minimize / Transfer the Risk: Apply internal controls for the processes of minimizing or transferring of said risk
  • Risk Reply Result: Define and run a method for the activity of the risk remediation response

Every Corporation needs to manage the 3rd party risks for protecting themselves in terms of financial and reputational losses.

In most countries it’s mandatory for utility sectors (Energy, Water, Finance, Transportation, critical public services, eg) to monitor the risk of their third parties.

Forcerta TRIM (Third Party Risk Management) Scope

    • Customized Risk Programs: Based on the service type delivered by the third party, including the evaluation of the provider by geography, risk and value.
    • Validate Information: Control and validate the information gathered during the risk evaluation phase
    • Measure Improvement: Measure the baseline after the KPI’s are defined and track the improvement in maturity accordingly
    • Validate and manage documents: Validate and confirm all documents gathered during the process
    • Continuous monitoring: Continuously monitor and confirm, report 3rd party risk information
    • Reporting: Define comparable KPIs and present reports based on regulations, standards or company spesific requirements

Forcerta TRIM Packages

Forcerta delivers TRiM services end to end in different delivery models.

Our consultants and technical risk experts manage third party risk for you based on the regulations that apply to you. The packages are as follows:

 

Forcerta TRIM Third Party Risk Management Packages

TRIM is served in 3 different options:

In every option you will have the process monitoring and automation provided by the risk scoring platformas well as management of the platform

Forcerta TRIM Standard :

  • Build the Third Party Inventory based on defined scope
  • Ingest the inventory into the scoring platform
  • Monitor risk scores continuously
  • Define the risk action on the platform and record improvement
  • Monitor activities of the third parties
  • Guide and consult on improvement activities
Forcerta TRIM Professional : 
  • (TRiM Standard is included)
  • Detailed Risk and maturity analysis, report and monitoring
Forcerta TRIM Enhanced :
  • (TRiM Professional is included)
  • Dedicated Forcerta Professionals (on-site if needed so) support the client with internal tools, processes and reporting.
Optional TRIM Services:
  • Third Party penetration tests and vulnerability analysis
  • Third Party security awareness and phishing simulations
  • Third Party threat intelligence gathering
  • Improvement of third party information security efficiency
Forcerta TRIM Third Party Risk Management

Transform 3rd Party Risk Management

Third party collaboration is todays requirement for efficiency, agility and expertise. Howevermanaging of the risk associated with such a cooperation is mandatory for the health of the business. You are only as strong as the weakest link in the chain and supply chains need to be robust.

Contact us if you want to set up a short meeting to get more info on our TRiM services.