Manage Third-Party Risk
Third-Party Complexity Drives Need for Efficient, Risk-Based Governance
Common Questions About Third-Party Risk
Click the labels on the illustration to see what your peers are asking about third-party risk—and to learn how RSA can help.

70% of risk management professionals characterize their organization as moderately to highly dependent on external entities.
Source: Deloitte, “Reestablishing the Perimeter: Extending the risk management ecosystem”

59% of companies experienced a third-party data breach.
Source: Ponemon Institute, “2018 Third-Party Data Risk Study”

Only 16% of companies say they effectively mitigate third-party risks.
Source: Ponemon Institute, “2018 Third-Party Data Risk Study”
The Challenges with Managing Third Parties in the Era of Digital Transformation
- Going digital: Digital transformation expands organizations’ third-party ecosystems, making them more complex and difficult to manage. Meanwhile, cybercriminals are exploiting vulnerabilities created with the expansion of third-party supply chains.
- Lack of visibility: The scope and complexity of today’s third-party ecosystems make it harder for executives to proactively identify and manage the security, access, compliance, resiliency and other risks stemming from partners, and thus, understand their third-party risk exposure.
- Regulatory pressure: Global regulations put additional pressure on organizations to better manage third-party risks.
Best Practices for Managing Third-Party Risk
- Implement a programmatic approach to identify, catalog, assess, treat and monitor third-party risk and performance. Understand which third parties create the most risk for your organization.
- Manage third parties’ access to your internal systems, data, and consumer-facing systems to ensure they don’t have excess access privileges.
- Monitor your entire IT environment so that you can rapidly detect and respond to the security and fraud threats that third-party partners and technologies may introduce.
Additional Resources to Help You Get Started

Third-Party Risk: The Soft Underbelly of Cybersecurity
Tech journalist David Strom shares eight tips for mitigating third-party security risks. Do you have these controls in place?

RSA Risk Framework for Third-Party Risk
Find out how RSA can help you assess and mature your organization’s third-party risk management and governance capabilities.

Ignite Your Third-Party Governance Program
Learn to get a third-party governance program off the ground quickly and avoid common pitfalls along the way.
A Word From Our Customers

Martha Dean, senior vice president and director of operational risk and information security, explains how RSA Archer® Suite helps Eastern Bank assess the risks associated with new products, services, applications and third-party partners.

How We Help Customers Manage Third-Party Risk
Products and services from the RSA® Business-Driven Security™ portfolio provide the foundation for a proactive, comprehensive and extensible third-party risk management and governance program.

Integrated Risk Management
Get a complete picture of third-party risk. Catalog these relationships and their risks on a single integrated risk management platform.

Evolved SIEM
Get instant visibility into security and fraud risks created by third-parties. Speed threat detection and response with our evolved SIEM.

Identity & Access Assurance
Govern third-party access to your critical systems and sensitive data with risk-based, multi-factor authentication and visibility into entitlements.

Omni-Channel Fraud Prevention
Detect and respond to fraud threats in consumer-facing digital channels with actionable fraud intelligence and risk-based adaptive authentication.

Professional & Advisory Services
Evaluate your third-party risk management capabilities and get a detailed roadmap for reaching your organization’s desired maturity levels.