Blogpost

Third & Nth Party Continuous Monitoring: Standing Up An Effective Program

By Bob Jones
September 11, 2024

Shared Assessments newest paper, Third & Nth Party Continuous Monitoring: Standing Up An Effective Program, provides specific guidance on standing up a continuous monitoring program in any industry. Many organizations lack clarity around the volume of third parties and Nth parties with which they engage and the risks posed by those down-chain providers. Continuous monitoring can help disclose Nth party providers not visible by other means.

The Building & Maturing TPRM Programs table included in this resource provides guidance on incorporating continuous monitoring into organizations and programs of varying levels of size, resourcing, and maturity. Monitoring types include: Infrastructure & Application Monitoring; Geolocation Risk Monitoring; and Incident Response Monitoring.

This paper provides insight into:

  • What continuous monitoring is.
  • Why continuous monitoring is useful and its benefits in the TPRM context.
  • How to stand up a TPRM-focused continuous monitoring program.
  • How to leverage existing resources to best advantage and build maturity.
  • What to monitor and how to go about managing continuous monitoring data.

 

Continuous monitoring helps improve risk management and supports operational resilience by providing insight into inbound and outbound supply chains for both services and tangible goods. Focusing continuous monitoring on Nth party and location risks serves as a practical and efficient risk early warning system.

 

This resource represents the work of the Shared Assessments Global TPRM Best Practices Committee and project team of SMEs who stepped forward to update this guide. The best practice solutions that have evolved over the past two decades are brought together and refined by this group, which last year focused on ransomware preparedness, reputational risk, and onsite assessment best practices. The Global TPRM Best Practices Committee, open to members and non-members, currently has more than 260 registered individuals from 185 organizations spanning 15 time zones. If you would like to join, we’d love to have you. You can learn about our other committees at https://sharedassessments.org/committees/.

 

The full paper and Practitioner Guide are available for download here.

 

Author:

Bob Jones

Bob Jones is deeply committed to contributing to the well-being of the financial services community. A well-known and sought-after expert in risk management strategy, he has 50 years of experience leading fraud risk management and risk management strategy. When not writing blogs for SharedAssessments, Bob enjoys playing with his 4 grandchildren and 2 granddogs.