Managing Third Party Vendor Risks: Time, Money, And Risk


August 23, 2018 by Siobhan Climer

In a recent interview, Dana Bailey, Mindsight’s VP of Operations, had this to say about the challenges businesses face today and how to solve those problems:

“Time. Money. Risk. In my experience, when I’ve gone in to have a conversation with a customer, it is most effective to try and understand – what are you working on? What are the primary focus items for the business? What are your real imperatives? Then you have to ask, what do you feel are some of the biggest risks and challenges you face? And, more often than not, if you just summarize what you would net from those conversations, it would come down to what I just said. Time, money, and risk.”

But how can businesses manage those challenges, especially as it relates to managing third party vendor risks? Vendor risk reaches straight into the heart of business strategy, and it must be considered in the full context of business objectives.


What Goes Into Managing Third Party Vendor Risks?


Simply put, managing third party risks comes down to understanding the network that interacts with your business. The trick is that even though you may only contract with one or two third parties, those vendors likely contract with other vendors, creating an intricate – and often insecure – network that can impact your risk assessment. Check out the diagram below to see what vendor risk looks like from a cybersecurity perspective:


[Diagram: third party vendor risks]


But risk isn’t simply a security assessment. Risk comes in the form of failing to meet business objectives. The network of vendors with whom you work needs to support your objectives, not hinder them. Performing a risk assessment puts you in a position to understand this vendor network fully and mitigate the risks that come with necessary partnerships. But a risk assessment is only as good as its assessor, so here are the key components to look for as you begin examining third party vendor risks.


Business Objectives

To understand how vendor risk impacts your business, you first need to identify business objectives. Every company has objectives – whether it’s to improve metrics, grow assets, or provide excellent customer service – and the vendors you choose need to assist you in fulfilling those business imperatives. You also only have so much time and so much money to work with to achieve these goals. Risk takes the form of failure. Can you afford to delay that software update? Can you afford to not meet your target growth? Probably not. Managing third party vendor risks, therefore, requires the context of business objectives.


Vendor Competency

When it’s time to find a vendor to support business objectives, you need one who is competent in the initiatives you are hoping to meet. If the business objectives include security, collaboration, storage, network, cloud computing, or something else entirely, you need a vendor who can provide that expertise. So, how do you know if a vendor has the necessary expertise? They push back on your assumptions, ask valid questions, provide various perspectives and offerings, and give you straight talk. When someone starts talking high-level jargon or replying to everything you say with “Yes, we can do that”, they probably aren’t competent.



Certifications matter. To properly manage third party vendor risks, you need to be an advocate for your business. Vendors must be able to provide documentation that proves their competency. Certifications, case studies, exemplars, testimonials, and documents can provide this evidence. It might seem tedious, but following up on the evidence provided is essential. Verify certification numbers and expiration dates. Call references for an honest appraisal of the vendor’s services. Look for evidence of exaggeration or misleading phrasing in case studies. Until you know better, assume that you are the only one looking out for your business. Start from there to minimize the risk to your team.


Contractual Considerations

When it comes to managing third party vendor risks, you must read the fine print. Service-level Agreements (SLAs) are an important part of managing this risk, and the associated penalties can help protect business assets. Ensure exit clauses and the right to audit are included, so you can continue to perform risk assessments during the course of your relationship. This is especially important if the vendor you are investigating is one you plan to work with for an indefinite amount of time. Technology changes fast. Even a one-year contract might leave room for a vendor to fall behind in its ability to provide the risk mitigation you require.


Find Out More About Managing Third Party Vendor Risk


Risk transcends the full spectrum of vendors your enterprise may work with to meet business objectives. From material or service needs to diverse capabilities and support expertise, vendor risk reaches across the handshake into the heart of your business strategy. Contact Mindsight today to speak to VP of Operations Dana Bailey and learn how to plan for the future. 



About Mindsight

Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.


About The Author

Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year old daughters. Find her on twitter @techtalksio.
