What is involved in Third Party Management
Find out which related areas Third Party Management connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This checklist stands out in the sense that it is not per se designed to give answers, but to engage the reader and lay out a Third Party Management thinking-frame.
Below you will find a quick checklist designed to help you think about which Third Party Management related domains to cover and 105 essential critical questions to check off in that domain.
The following domains are covered:
Third Party Management, Third-party management, Contract manufacturer, Corporate social responsibility, Corruption Perceptions Index, Financial Conduct Authority, Firewall, Foreign Corrupt Practices Act, Governance, risk management, and compliance, Information security, Office of the Comptroller of the Currency, Performance measurement, Reseller, Software as a service, Supplier Risk Management, Target Corporation, Value chain, Vendor:
Third Party Management Critical Criteria:
Check Third Party Management risks and define what we need to start doing with Third Party Management.
– What is the best design framework for a Third Party Management organization now that, in a post-industrial age, the top-down, command-and-control model is no longer relevant?
– How does the organization define, manage, and improve its Third Party Management processes?
– How do we improve Third Party Management service perception and satisfaction?
Third-party management Critical Criteria:
Derive from Third-party management results and balance specific methods for improving Third-party management results.
– What are your results for key measures or indicators of the accomplishment of your Third Party Management strategy and action plans, including building and strengthening core competencies?
– What are the short and long-term Third Party Management goals?
– Is the scope of Third Party Management defined?
Contract manufacturer Critical Criteria:
Accelerate Contract manufacturer planning and assess what counts with Contract manufacturer that we are not counting.
– What role does communication play in the success or failure of a Third Party Management project?
– What is the purpose of Third Party Management in relation to the mission?
– Have all basic functions of Third Party Management been defined?
Corporate social responsibility Critical Criteria:
Discourse Corporate social responsibility leadership and find the essential reading for Corporate social responsibility researchers.
– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a Third Party Management process. Ask yourself: are the records needed as inputs to the Third Party Management process available?
– Are there any easy-to-implement alternatives to Third Party Management? Sometimes other solutions are available that do not require the cost implications of a full-blown project.
– What is the difference in meaning, if any, between the terms Sustainability and Corporate Social Responsibility?
– What if your company publishes an environmental or corporate social responsibility report?
– Meeting the challenge: are missed Third Party Management opportunities costing us money?
Corruption Perceptions Index Critical Criteria:
Focus on Corruption Perceptions Index governance and summarize a clear Corruption Perceptions Index focus.
– Is maximizing Third Party Management protection the same as minimizing Third Party Management loss?
– How do mission and objectives affect the Third Party Management processes of our organization?
– What are the long-term Third Party Management goals?
Financial Conduct Authority Critical Criteria:
Extrapolate Financial Conduct Authority management and be persistent.
– When a Third Party Management manager recognizes a problem, what options are available?
Firewall Critical Criteria:
Use past Firewall tasks and define Firewall competency-based leadership.
– If the firewall runs on an individual host for which all users are not trusted system administrators, how vulnerable is it to tampering by a user logged into the operating system running on the protected hosts?
– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Third Party Management models, tools and techniques are necessary?
– Are all router, switch, wireless access point, and firewall configurations secured and do they conform to documented security standards?
– Is payment card account information stored in a database located on the internal network (not the DMZ) and protected by a firewall?
– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?
– Are the firewall, router, wireless access points, and authentication server logs regularly reviewed for unauthorized traffic?
– If wireless technology is used, do perimeter firewalls exist between wireless networks and the payment card environment?
– Are web servers located on a publicly reachable network segment separated from the internal network by a firewall (DMZ)?
– Is firewall technology used to prevent unauthorized access to and from internal networks and external networks?
– Is the firewall configured to translate (hide) internal IP addresses, using network address translation (NAT)?
– Is a firewall used to protect the network and limit traffic to that which is required to conduct business?
– Does the provider's firewall control IPv6 access, or protect against both IPv4 and IPv6 attacks?
– How does the firewall quality affect the likelihood of a security breach or the expected loss?
– How do we measure improved Third Party Management service perception and satisfaction?
– How vulnerable is the firewall to attacks via the network against the firewall itself?
– Can the firewall support hot-standby/failover/clustering?
– How do you justify a new firewall?
– How many firewalls do you have?
Foreign Corrupt Practices Act Critical Criteria:
Detail Foreign Corrupt Practices Act decisions and modify and define the unique characteristics of interactive Foreign Corrupt Practices Act projects.
– Think about the kind of project structure that would be appropriate for your Third Party Management project. Should it be formal and complex, or can it be less formal and relatively simple?
– How do we make it meaningful in connecting Third Party Management with what users do day-to-day?
Governance, risk management, and compliance Critical Criteria:
Adapt Governance, risk management, and compliance planning and sort Governance, risk management, and compliance activities.
– Are there any disadvantages to implementing Third Party Management? There might be some that are less obvious.
– How do we keep improving Third Party Management?
Information security Critical Criteria:
Pay attention to Information security governance and oversee implementation of Information security.
– Does the information security function actively engage with other critical functions, such as IT, Human Resources, legal, and the privacy officer, to develop and enforce compliance with information security and privacy policies and practices?
– Is the software and application development process based on an industry best practice and is information security included throughout the software development life cycle (SDLC) process?
– Has the organization established an enterprise-wide business continuity/disaster recovery program that is consistent with requirements, policy, and applicable guidelines?
– Are information security policies and other relevant security information disseminated to all system users (including vendors, contractors, and business partners)?
– Are Human Resources subject to screening, and do they have terms and conditions of employment defining their information security responsibilities?
– Do suitable policies for the information security exist for all critical assets of the value added chain (indication of completeness of policies, Ico)?
– Do we have an official information security architecture, based on our Risk Management analysis and information security strategy?
– Is the risk assessment approach defined and suited to the ISMS, identified business information security, legal and regulatory requirements?
– Do suitable policies for the information security exist for all critical assets of the value added chain (degree of completeness)?
– Are information security roles and responsibilities coordinated and aligned with internal roles and external partners?
– Does your company have a current information security policy that has been approved by executive management?
– What information security and privacy standards or regulations apply to the cloud customer's domain?
– What vendors make products that address the Third Party Management needs?
– What best describes the authorization process in information security?
– Is information security an IT function within the company?
– Is information security managed within the organization?
– What is the goal of information security?
Office of the Comptroller of the Currency Critical Criteria:
Infer Office of the Comptroller of the Currency tasks and balance specific methods for improving Office of the Comptroller of the Currency results.
– Consider your own Third Party Management project. What types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?
– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about Third Party Management. How do we gain traction?
– Do several people in different organizational units assist with the Third Party Management process?
Performance measurement Critical Criteria:
Examine Performance measurement results and reinforce and communicate particularly sensitive Performance measurement decisions.
– Constantly communicate the new direction to staff. HR must rapidly readjust organizational charts, job descriptions, workflow processes, salary levels, performance measurement, etc. Why?
– Have the types of risks that may impact Third Party Management been identified and analyzed?
– Performance measurement system design: Should process based approaches be adopted?
– Do Third Party Management rules make a reasonable demand on a user's capabilities?
– The performance measurement revolution: why now and what next?
Reseller Critical Criteria:
Ventilate your thoughts about Reseller leadership and integrate design thinking in Reseller innovation.
– Who will be responsible for making the decisions to include or exclude requested changes once Third Party Management is underway?
– What sources do you use to gather information for a Third Party Management study?
– How do we go about securing Third Party Management?
Software as a service Critical Criteria:
Administer Software as a service decisions and sort Software as a service activities.
– How will we ensure seamless interoperability of Third Party Management moving forward?
– Why are Service Level Agreements a dying breed in the software as a service industry?
– What are the usability implications of Third Party Management actions?
Supplier Risk Management Critical Criteria:
Scrutinize Supplier Risk Management quality and change contexts.
– Does Third Party Management include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Third Party Management processes?
– What is our Third Party Management Strategy?
Target Corporation Critical Criteria:
Study Target Corporation governance and oversee Target Corporation management by competencies.
– Does Third Party Management create potential expectations in other areas that need to be recognized and considered?
– What potential environmental factors impact the Third Party Management effort?
Value chain Critical Criteria:
Have a session on Value chain quality and forecast involvement of future Value chain projects in development.
– What are the barriers to increased Third Party Management production?
– What are the key enablers to make this Third Party Management move?
– What are the Essentials of Internal Third Party Management Management?
Vendor Critical Criteria:
Have a round table over Vendor governance and find the essential reading for Vendor researchers.
– What are the issues that arise when a limited number of vendors participate in a technology market and how can the risks be mitigated?
– Are the vendor contracts deliverables-based, with specific Service Level Agreements (SLAs) including penalties and liquidated damages?
– Are vendor default accounts and passwords disabled or changed on production systems before putting a system into production?
– Has the vendor's policy or stance on re-validation of products when new releases of the product are issued been considered?
– Do you wait for your Preferred Vendors to show you how you are performing or do you proactively manage your key vendors?
– Does your BI software work well with both centralized and decentralized data architectures and vendors?
– Do we have trusted vendors to guide us through the process of adopting business intelligence systems?
– Is there a schedule for required password updates from default vendor or manufacturer passwords?
– Are vendors permitted to attach samples of a completed criminal background screening report?
– How frequently do you speak with your Preferred Vendors: daily, weekly, monthly, annually, never?
– Do you see areas in your domain or across domains where vendor lock-in is a potential risk?
– Have vendors documented and independently verified their Cybersecurity controls?
– Who are the key vendors that you want to closely follow as this space advances?
– Do we require the vendor to host and/or manage custom and off-the-shelf titles?
– Do you want the vendor selected to deliver the tools to develop WBT?
– Can the vendor create custom virus definitions for the organization?
– Are Cybersecurity criteria used for vendor and device selection?
– Do you have scorecards and SLAs with your critical Preferred Vendors?
– What is an example of cloud vendor lock-in?
– Who are the data loss prevention vendors?
This quick readiness checklist is a selected resource to help you move forward.
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.