11

Third-Party Risk Management

So far, we’ve learned about IT risk management and the different methods to perform a risk assessment and response, as well as monitoring. In this chapter, we will dive deep into third-party risk management (TPRM), how to assess downstream third parties (vendors) and support businesses for upstream third parties (customers), and how to manage emerging risks. We will also look at how to manage issues, findings, and exceptions that may impact the business operations of an organization.

This chapter aims to help you learn about the concepts of TPRM and how to perform an effective third-party risk evaluation. We will also learn about issues, findings, and exceptions and how to manage them effectively.

In this chapter, ...

Get ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide now with the O’Reilly learning platform.