PrivSec Focus: Third-Party Risk today brought together subject-matter experts and industry thought leaders to share up-to-the-minute insight into the world of third-party risk management (TPRM).
Within the one-day livestreaming experience, PrivSec Focus: Third-Party Risk gave global audiences a curated agenda of presentations and panel debates exploring the challenges and opportunities on the TPRM landscape.
The morning sessions got underway with a discussion on vendor monitoring and the aim for total transparency.
Keitumetsi Tsotetsi, Senior specialist in group governance, risk and compliance (cyber security) at Vodacom, said:
“It is almost impossible to have full visibility without planning what risks are high for the organisation.”
“Sometimes we impose a lot of what we want as an organisation instead of trusting what the vendor will do. Be aware of your risk, have an active risk register,” Keitumetsi Tsotetsi added.
“If your firm does not have any oversight of their suppliers currently what would you say would be the first place to start to get the transparency and information? Would you look at your major suppliers first and then work down?”
“A mistake we make a lot is expecting perfection from the get-go. You need to know what you want to know so that the supplier can answer your questions,” Keitumetsi Tsotetsi continued.
Puja Verma LLM, CIPP/E, Legal & Privacy Counsel, Philips, said:
“I think that the best way to do it is with the person who brought the supplier in; they have to look out for them just like they would with the customer, caring for a supplier can create an environment of trust and transparency.”
In the following session, “Can You Rely On Third-Party Risk Assessment Questionnaires?”, Onur Korucu, Data Protection Sr. Manager at Avanade, explained how organisations are “finally developing a scalable process to deal with third-party risk.”
Prof. Hernan Huwyler of Danske Bank said:
“Nowadays, there are a lot of synergies we can have for organisations dealing with due diligence and it is one of the tendencies I like the most.”
Commenting on how to calculate inherent risk when dealing with third parties, Ed Thomas of ProcessUnity highlighted best practice with questionnaires, stating:
“Choose relevant questions based on what is important to your organisation, avoid jargon and be direct, limit the number of open questions and use pick lists for better precision.”
In the afternoon, PrivSec Focus: Third-Party Risk turned towards ESG themes, with experts considering how organisations can maintain ethics in the supply chain.
Litigation Attorney at Beckage, Brian Myers, said:
“Always have a level of scepticism on what your third party is saying… make sure they are consistent to guide to find questions to ask about collaborations. It is not about asking questions, it is about being proactive on your side.”
Regine Bonneau, founder and CEO of RB Advisory LLC, said:
“Education is key, as well as who you have around to help the company move forward.”
Privacy and Compliance Consultant and Fakos lawyer, André H. Paris, said:
“As a global company you should know the parties you work with, the ones that will represent your company, get the license you need for other countries and you should also make sure your third party understands your code of conduct.”
In the following session, supply chain health was the centre of debate, with the spotlight falling on best practice in the event of attacks.
Anu Kukar, Associate Partner, Cybersecurity cloud, strategy & risk at IBM A/NZ, said:
“The reason we are seeing more attacks, [is because] through supply chains the criminals can maximise the effect by threatening many companies at once through ransomware. We have changed how we do things and allowed a new crime trend to emerge and we have to learn how to deal with it.”
Vincent D’Angelo, Global Director at CSC Digital Brand Services, said:
“At the end of the day, it comes down to the lack of awareness. The problem is that people don’t have domain security as a part of their priorities.”
Patricia Punder, Governance, Compliance, Data Privacy and ESG International Expert at Punder Advogados, said:
“Enforcement agents need to hire young specialists to teach them how to mitigate cyberattacks or even hire young hackers.”
PrivSec Focus: Third-Party Risk came to a close with a study of due diligence when collaborating with third parties.
Todd Boehler, Vice President of Strategy at ProcessUnity, outlined the “broad spectrum of risk domains that you should be monitoring your suppliers with.”
Amanda L. Tilley, VP, Information Security Manager, GRC and Privacy at OceanFirst Bank, said:
“TPRM is not as staffed as it should be, which is why the hybrid approach is the best way to do it. The organisation has to take some responsibility and not send all that risk to the third party.”