Menu Close Menu

Menu

Account
Premium

Third Party InfoSec Risk Playbook

Download Playbook

Effectively managing information security risk arising from third party relationships is an essential aspect of GRC capability that drives successful attainment of Principled Performance.

Effectively managing information security risk arising from third party relationships is an essential aspect of GRC capability that drives successful attainment of Principled Performance.

It is a key “play in the game” so we have developed this Principled Performance Playbook to address the issue and provide the reader with some essential guidance and tools to get started. Just like a football playbook, this document outlines the steps to take – or plays – and sets up the structure for assignment of the various tasks to those in your organization.

Although this playbook focuses on third party cybersecurity risk, third parties can present other risks that impact your company reputation such as ethics/integrity, product/service quality or business continuity. This Playbook takes a deep dive into one discrete aspect – the third party risk assessment process for controlling information security risk. The process is illustrated in the context of information security training – one of many information security vulnerabilities. It provides three play sheets that outline key actions, which should be adapted to fit the specific risks you are assessing.

Featured in: Third Party Management , Information Security , Risk Management

Related Resources
Back to top
OCEG © 2002 - 2024 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

Information & Billing
+1 (602) 234-9278

Principled Performance, Driving Principled Performance, Putting Principles Into Practice, OCEG, GRC360°, ActiveLearning, EventDay and LeanGRC are registered trademarks of OCEG.

Protector Skillset, Protector Mindset, Protector Code, Lines of Accountability, GRC Professional, GRCP, GRC Fundamentals, GRC Auditor, GRCA, GRC Audit Fundamentals, Data Privacy Fundamentals, Integrated Data Privacy Professional, IDPP, Policy Management Fundamentals, Integrated Policy Management Professional, IPMP, Integrated Audit & Assurance Professional, IAAP, Integrated Governance & Oversight Professional, IGOP, Integrated Strategy & Performance Professional, ISPP, Integrated Risk Management Professional, IRMP, Integrated Decision Management Professional, IDMP, Integrated Compliance & Ethics Professional, ICEP, Integrated Business Continuity Professional, IBCP, Integrated Information Security Professional, IISP are trademarks of OCEG.