
Third-Party Risk Management

The practice of identifying, assessing, and controlling risks introduced by external vendors, suppliers, and service providers. Your security perimeter extends to everyone who touches your data.

Why it matters

Supply chain attacks are among the fastest-growing threat vectors. A single compromised vendor can expose your data, disrupt operations, or trigger regulatory consequences. NIS2 and DORA now explicitly require organizations to manage third-party risk. You cannot outsource a service and claim the risk went with it.

In practice

Third-party risk management involves maintaining a vendor inventory, assessing each vendor against risk criteria (data access, criticality, jurisdiction), monitoring ongoing compliance, and having exit strategies for high-risk relationships. In vucavoid, third parties carry dual scores for risk and reliability, with fourth-party visibility into your vendors' own supply chains. The assessment status feeds directly into your VUCA score.
