Best Practices and Strategies for Third-Party Risk Management

In today’s interconnected business landscape, third-party relationships are integral to operations yet pose significant risks to organizations. How can you manage third-party risk effectively while keeping your data and operations secure? In our recent video discussion, industry expert Salil Aroskar of Athenahealth delves into the nuances of third-party risk management. From screening and assessment to onboarding, Salil provides practical insights for navigating the intricacies of the discipline. Join us as we explore what effective risk management looks like in an ever-evolving business environment.
As the conversation begins, Salil highlights the multifaceted nature of third-party risk management. He emphasizes the importance of robust processes and clear communication channels between security teams, business owners, and vendor management teams.


Effective Third-Party Risk Management Lifecycle


Salil explains that the initial step involves screening potential vendors based on the nature of the business relationship and classifying them according to risk levels. For instance, critical vendors handling sensitive information require closer scrutiny. Subsequently, the team must conduct a detailed assessment of vendors’ security practices to identify and mitigate potential risks before signing contracts or onboarding vendors. Contracts should clearly define responsibilities, including incident response protocols and data sharing agreements.


Furthermore, the conversation highlights that risk management is an ongoing process, with continuous monitoring enabling the timely identification of emerging threats and evaluation of vendor performance. Leveraging threat intelligence and automation tools can streamline this process.


Despite preventive measures, some residual risk is unavoidable. Transparent communication and documentation, together with periodic reviews and a maintained risk register, are effective strategies for managing third-party risk: they ensure accountability and support informed decision-making about the risks that remain.

Off-boarding, often overlooked, is a critical phase in the vendor lifecycle. Establishing clear off-boarding terms in contracts, documenting processes, and maintaining evidence ensures compliance and smooth transitions.


In conclusion, third-party risk management is complex but essential for healthcare IT security. Robust processes, clear communication channels, and automation tools together allow organizations to identify, assess, and mitigate the risks associated with external vendors. Continuous monitoring and a proactive approach are key strategies for third-party risk management.

Interested in delving deeper into third-party risk management? Check out our previous video featuring Salil Aroskar, in which we discussed his career, the risk landscape, and the challenges of risk management and third-party relationships.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.