Third-Party Risk Management Regulations: What You Should Know

05/16/2022

Partnering with third parties has clear advantages, including extending an organization's capabilities and performance. Despite those benefits, third parties also introduce a range of risks that can disrupt operations, affect financial standing, and harm reputation. Understanding third-party risk management regulations is essential to protecting your organization from a security breach and maintaining a strong security posture.

In this blog, we explore some of these third-party risk management regulations and their benefits.

Top 7 Common Risks When Managing Third Parties

Understanding risk management regulations first requires an understanding of just what risks are out there when it comes to managing third parties. Let’s take a closer look.

Compliance risk

There are many laws governing how data can be stored, shared, and used. Maintaining compliance with these laws means knowing where your data is and who has access to it. If you rely on a third party to store or manage your data, or if a third party has access to it, it is your responsibility to ensure that they, too, remain in compliance; your organization may be held liable and subject to fines or disciplinary action if they are not.

Reputational risk

Any actions undertaken by your third-party vendors can reflect on your organization's reputation. This includes bad press they receive, but any cybersecurity breaches or failings they experience can also affect whether future customers or clients find your organization trustworthy.

Financial risk

If your third parties take on bad debt, become insolvent, or otherwise face financial difficulties, the fallout can affect your bottom line as well. You may fail to receive services or products you have already paid for, forcing you to pay a new third party. It is also possible that a third party's financial failings fall back on you through contractual obligations.

Cybersecurity risk

Beyond compliance issues, which can lead to fines or sanctions, if your third parties do not have properly secured networks and systems, any breach that affects them could affect you as well. If your third parties have access to your network, attackers can obtain that access by first compromising the poorly secured third party. There may even be malicious insiders employed by the third party who can reach your data without needing to breach your network at all.

Transaction risk

When working with a third party, you may exchange goods, services, information, money, and more. These transactions each carry a certain amount of risk that something may go wrong. For example, an order may not get fulfilled due to a system error, or a payment may get lost or delayed.

Strategic risk

Sometimes third parties fail to deliver on their promises or prove unable to provide services at the level you need. This is a risk you take on whenever you contract with another party; it may result in lost funds and time and can even derail long-term plans. Strategic risk may also arise when a third party's direction and vision change over time until they are no longer aligned with yours, forcing you to seek out a new partner.

Operational risk

If many of your processes become integrated with or absorbed by a third party, then any risk to their operations directly affects yours. This risk may take the form of a natural disaster halting operations, or a system failure or downtime that leads to financial losses. Operational risk also comes in the form of increased complexity: once your internal processes are tied to a third party's processes, the overall picture is more involved and contains more potential points of failure.

Benefits of Third-Party Risk Management Regulations

Regulations pertaining to third-party risk management may seem like a red-tape nuisance at first, but they exist to protect privacy and data, and they ultimately reduce your organization's risk as well. Many critical businesses and organizations, such as energy companies, financial services firms, and technology companies, rely on third-party relationships, so regulating the associated risk helps protect critical infrastructure across the board.

Additional benefits of third-party risk management regulations include:

  • Reducing the potential impact of third-party failures on critical infrastructure services and the supply chain.

  • Protecting organizations from the risks associated with their third-party relationships.

  • Providing clear, thoroughly tested and studied policies and best practices that organizations can implement to reduce their third-party risk, instead of having to develop a risk management strategy entirely in-house.

  • Making it easier to know what to look for in a vendor and to identify benchmarks when performing due diligence.

4 Third-Party Risk Management Regulations You Should Know

While a complete list of regulations varies depending upon where your organization is located, how large it is, and what kind of services it provides, here we outline some of the biggest third-party risk management regulations that apply to large swaths of the global business sector.

GDPR

The General Data Protection Regulation (GDPR) took effect in the European Union in May 2018. It addresses privacy and human rights as well as the transfer of personal data outside the European Union and the European Economic Area. The primary goal of the regulation is to give individuals more control over their personal data and to simplify the regulatory environment for international business.

The GDPR applies to any organization that controls or processes data from EU residents and requires that personal data not be processed without informed consent or at least one other legal basis for doing so. Failure to comply may result in fines. For example, Amazon was fined 35 million Euros when it failed to obtain user consent for cookies in France in December 2020.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is the framework that governs how credit card information is handled. It applies to any organization that handles credit card information or processes credit card transactions. The first version of the standard was released in December 2004, and it has since been adopted around the world. Compliance with PCI DSS requires building and maintaining secure networks and systems, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, and more.

The standard is administered and updated by the Payment Card Industry Security Standards Council (PCI SSC), which is made up of independent, private organizations including MasterCard, American Express, Visa, and Discover Financial Services. Maintaining PCI DSS compliance helps protect your organization from data breaches, and a breach that occurs while you are out of compliance can carry additional financial penalties.

HIPAA

In the healthcare sector, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 regulates how personally identifiable information may be maintained, used, shared, and protected. HIPAA defines uniform standards for transferring health information among healthcare providers, health plans, and clearinghouses while securing health information and ensuring patient privacy and confidentiality.

In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act further addressed healthcare industry requirements for technical and non-technical safeguards that secure Protected Health Information (PHI).

FED SR 13-19

In 2013, the Board of Governors of the Federal Reserve System released Supervision and Regulation Letter SR 13-19 regarding Guidance on Managing Outsourcing Risk. This guidance applies to all financial institutions that the Federal Reserve supervises. The goal of the letter was to supplement the FFIEC’s Outsourcing and Technology Services Booklet and to help financial institutions develop secure third-party risk management programs.

How SecurityScorecard can help manage third-party risk

A recent example comes from the New York Department of Financial Services (NYDFS), which modernized its supervision process in a first-in-the-nation cybersecurity effort. NYDFS uses SecurityScorecard's cybersecurity ratings and analysis to assess the strength of the cybersecurity programs of the nearly 3,000 entities it regulates.

SecurityScorecard recently hosted Kristina Littman, Chief of the U.S. Securities and Exchange Commission's (SEC) Crypto Assets and Cyber Unit, for a webinar on the SEC's evolving approach to cyber risk management. The SEC is proposing rules to combat cybersecurity threats and require risk mitigation processes.

Our goal at SecurityScorecard is to help organizations become safer by understanding, mitigating, and communicating cybersecurity risks. Understanding the risk of your business can start by requesting a free instant scorecard and discovering your unique security rating. SecurityScorecard’s Security Ratings come with easy-to-understand A-F ratings across ten groups of risk factors. We can also help you understand risks associated with your third-party vendors with Third-Party Risk Management, providing you a complete view of your vendor ecosystem. Request a demo to learn more today.
