Securing the Digital World

In Times of Disruption, Don’t Forget Your Third Parties

Apr 22, 2020 | by RSA |

“Bend, but don’t break.” It’s a desired outcome for businesses in the face of an unexpected disruption or crisis.

Today, organizations are doing everything they can to adapt and bend with the unprecedented and on-going global disruption. While many questions remain unanswered, businesses are having to now put their business resiliency strategies and plans to the test.

In a conversation featured on “The Download,” Patrick Potter of RSA, explained that as part of a resiliency strategy, organizations must assess their third-party ecosystem and prepare for any outcome: bankruptcy, breach, and a temporary or permanent shutdown.

In today’s economy, it is not uncommon for organizations to have hundreds – or even thousands – of external vendors who support customers, technology or services. As such, there’s a symbiotic relationship between the organization and its ecosystem of partners. When one experiences a disruption, it can upend the entire supply chain.

Organizations must ready themselves for a reality where many third, fourth or Nth party partners are disrupted and cannot deliver services – if that has not already occurred. According to Potter, organizations can and should take proactive actions today to assess their partner ecosystem, build in resiliency and prepare for possible scenarios. Some of those actions include:

  • Determine the criticality of your partners: Some external vendors are more essential for your day-to-day business operations than others. Rank them in tiers of importance so the business understands which are needed to support your business, such as maintaining service to your customers and employees.
  • Check-in on essential partners: See how the disruption is interrupting your most critical partner’s operations and what resiliency plans they have in place to continue supporting your business.
  • Transition work, if needed: The current disruption has impacted certain areas of the globe in different times and ways. Organizations may need to proactively shift work from one partner in a highly disrupted area to one in a less disrupted area if it minimizes downtime or impact to customers. Keep in mind that your third parties’ employees and contractors are likely displaced or working remotely.

Above all, communication is essential. For the business, it means tracking and monitoring known areas of risk in real-time - particularly looking ahead. Risk teams need the ability and flexibility to adapt their models and assessments to external factors – such as an actual or potential disruption to the supply chain, as well as what could be next as a result of a global event.

As organizations look to maintain business continuity, keeping a pulse on the third-party ecosystem must be a critical component of a business resiliency strategy. Visibility across the network for the duration of any crisis like this, is needed as no one knows when or how business will return to “normal,” if at all. In fact, the disruption from this crisis has been so global and pervasive, we should all expect some level of “new normal” which will require ingenuity in how to manage third-party risk.

Above all, it’s important to remember that we are all in this together. If you work with and collaborate with your partners now, you can come out more prepared to tackle the risks of the future.

See the new library of business continuity resiliency resources on to help keep your business secure and steady during crisis events. 

Looking for additional information about business resiliency and third-party risk? Be sure to check out: