What is involved in Third Party Management
Find out what the related areas are that Third Party Management connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in the sense that it is not designed per se to give answers, but to engage the reader and lay out a Third Party Management thinking frame.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Below you will find a quick checklist designed to help you think about which Third Party Management related domains to cover and 96 essential critical questions to check off in that domain.
The following domains are covered:
Third Party Management, Third-party management, Contract manufacturer, Corporate social responsibility, Corruption Perceptions Index, Financial Conduct Authority, Firewall, Foreign Corrupt Practices Act, Governance, risk management, and compliance, Information security, Office of the Comptroller of the Currency, Performance measurement, Reseller, Software as a service, Supplier Risk Management, Target Corporation, Value chain, Vendor:
Third Party Management Critical Criteria:
Facilitate Third Party Management visions and assess what counts with Third Party Management that we are not counting.
– Is the Third Party Management organization completing tasks effectively and efficiently?
– How can skill-level changes improve Third Party Management?
– Why should we adopt a Third Party Management framework?
Third-party management Critical Criteria:
Brainstorm over Third-party management decisions and adjust implementation of Third-party management.
– What are your current levels and trends in key measures or indicators of Third Party Management product and process performance that are important to and directly serve your customers? How do these results compare with the performance of your competitors and other organizations with similar offerings?
– What are the long-term Third Party Management goals?
– Who sets the Third Party Management standards?
Contract manufacturer Critical Criteria:
Experiment with Contract manufacturer management and catalog what business benefits will Contract manufacturer goals deliver if achieved.
– Consider your own Third Party Management project. What types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?
– What are our needs in relation to Third Party Management skills, labor, equipment, and markets?
– Why are Third Party Management skills important?
Corporate social responsibility Critical Criteria:
Paraphrase Corporate social responsibility issues and forecast involvement of future Corporate social responsibility projects in development.
– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a Third Party Management process. Ask yourself: are the records needed as inputs to the Third Party Management process available?
– What is the difference in meaning, if any, between the terms Sustainability and Corporate Social Responsibility?
– What if your company publishes an environmental or corporate social responsibility report?
– What potential environmental factors impact the Third Party Management effort?
Corruption Perceptions Index Critical Criteria:
Start Corruption Perceptions Index engagements and find out.
– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding Third Party Management?
– How do senior leaders’ actions reflect a commitment to the organization’s Third Party Management values?
– What threat is Third Party Management addressing?
Financial Conduct Authority Critical Criteria:
Troubleshoot Financial Conduct Authority engagements and forecast involvement of future Financial Conduct Authority projects in development.
– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Third Party Management services/products?
– Can Management personnel recognize the monetary benefit of Third Party Management?
– Is supporting Third Party Management documentation required?
Firewall Critical Criteria:
Merge Firewall failures and sort Firewall activities.
– If the firewall runs on an individual host for which all users are not trusted system administrators, how vulnerable is it to tampering by a user logged into the operating system running on the protected hosts?
– Is payment card account information stored in a database located on the internal network (not the DMZ) and protected by a firewall?
– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?
– Are the firewall, router, wireless access points, and authentication server logs regularly reviewed for unauthorized traffic?
– If wireless technology is used, do perimeter firewalls exist between wireless networks and the payment card environment?
– Are web servers located on a publicly reachable network segment separated from the internal network by a firewall (DMZ)?
– Is the firewall configured to translate (hide) internal IP addresses, using network address translation (NAT)?
– Is a firewall used to protect the network and limit traffic to that which is required to conduct business?
– Does the provider’s firewall control IPv6 access, or protect against both IPv4 and IPv6 attacks?
– How does the firewall quality affect the likelihood of a security breach or the expected loss?
– How vulnerable is the firewall to attacks via the network against the firewall itself?
– How do we maintain integrity between communication ports and firewalls?
– Do changes to the firewall need authorization and are the changes logged?
– Which Third Party Management goals are the most important?
– Can the firewall support hot-standby/failover/clustering?
– Is there router and firewall encryption?
– How do you justify a new firewall?
– How many Firewalls do you have?
Foreign Corrupt Practices Act Critical Criteria:
Have a session on Foreign Corrupt Practices Act engagements and drive action.
– What tools and technologies are needed for a custom Third Party Management project?
– Are there recognized Third Party Management problems?
– What are our Third Party Management Processes?
Governance, risk management, and compliance Critical Criteria:
Review Governance, risk management, and compliance engagements and give examples utilizing a core of simple Governance, risk management, and compliance skills.
Information security Critical Criteria:
Demonstrate Information security outcomes and use obstacles to break out of ruts.
– Has the organization established an Identity and Access Management program that is consistent with requirements, policy, and applicable guidelines and which identifies users and network devices?
– Has the organization established an enterprise-wide business continuity/disaster recovery program that is consistent with requirements, policy, and applicable guidelines?
– Is there an information security policy to provide management direction and support for information security in accordance with business requirements, relevant laws and regulations?
– Are information security policies and other relevant security information disseminated to all system users (including vendors, contractors, and business partners)?
– Based on our information security Risk Management strategy, do we have official written information security and privacy policies, standards, or procedures?
– Is the documented Information Security Management System (ISMS) established, implemented, operated, monitored, reviewed, maintained and improved?
– Are information security roles and responsibilities coordinated and aligned with internal roles and external partners?
– Are we requesting exemption from or modification to established information security policies or standards?
– Have standards for information security across all entities been established or codified into regulations?
– Does your organization have a chief information security officer (CISO or equivalent title)?
– Are information security policies reviewed at least once a year and updated as needed?
– What is true about the trusted computing base in information security?
– Does management establish roles and responsibilities for information security?
– What is the goal of information security?
Office of the Comptroller of the Currency Critical Criteria:
Meet over Office of the Comptroller of the Currency adoptions and spearhead techniques for implementing Office of the Comptroller of the Currency.
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Third Party Management processes?
– Is there a Third Party Management Communication plan covering who needs to get what information when?
Performance measurement Critical Criteria:
Deduce Performance measurement governance and assess what counts with Performance measurement that we are not counting.
– Constantly communicate the new direction to staff. HR must rapidly readjust organizational charts, job descriptions, workflow processes, salary levels, performance measurement, etc. Why?
– What is the best design framework for a Third Party Management organization now that, in a post-industrial age, the top-down, command-and-control model is no longer relevant?
– Performance measurement system design: Should process based approaches be adopted?
– Have you identified your Third Party Management key performance indicators?
– What are all of our Third Party Management domains and what do they do?
– The performance measurement revolution: why now and what next?
Reseller Critical Criteria:
Graph Reseller leadership and shift your focus.
– What are the barriers to increased Third Party Management production?
Software as a service Critical Criteria:
Check Software as a service visions and observe effective Software as a service.
– Where do ideas that reach policy makers and planners as proposals for Third Party Management strengthening and reform actually originate?
– Why are Service Level Agreements a dying breed in the software as a service industry?
– How is the value delivered by Third Party Management being measured?
– How can you measure Third Party Management in a systematic way?
Supplier Risk Management Critical Criteria:
Generalize Supplier Risk Management tasks and get out your magnifying glass.
– Do we monitor the Third Party Management decisions made and fine tune them as they evolve?
– What are the short and long-term Third Party Management goals?
Target Corporation Critical Criteria:
Consolidate Target Corporation failures and optimize Target Corporation leadership as a key to advancement.
– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which Third Party Management models, tools and techniques are necessary?
– Do those selected for the Third Party Management team have a good general understanding of what Third Party Management is all about?
Value chain Critical Criteria:
Examine Value chain tasks and track iterative Value chain results.
– Can we add value to the current Third Party Management decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?
– Is Third Party Management dependent on the successful delivery of a current project?
– Do you monitor the effectiveness of your Third Party Management activities?
Vendor Critical Criteria:
Categorize Vendor adoptions and look at it backwards.
– With regard to blogs/chat rooms, does the vendor need to supply a built-in blog/chat room tool, or simply link from the portal to an existing blog/chat room?
– If wireless technology is used, are vendor default settings changed (i.e. WEP keys, SSID, passwords, SNMP community strings, disabling SSID broadcasts)?
– What should an organization consider before migrating its applications and operating system to the public cloud to prevent vendor lock-in?
– Do you wait for your preferred vendors to show you how you are performing, or do you proactively manage your key vendors?
– What are the existing or planned mechanisms to assess the interoperability of different vendor implementations?
– Who will be responsible for extraction of the legacy data and will work with the vendor on transformation?
– What is the most effective strategy to coordinate versions of vendor code with versions of product code?
– Do we have trusted vendors to guide us through the process of adopting business intelligence systems?
– What is your IT asset management program? Is it manual or automated (which vendor)?
– Are there products from different vendors in the market to implement this standard?
– Have vendors documented and independently verified their cybersecurity controls?
– Who are the key vendors that you want to closely follow as this space advances?
– Is the vendor able to develop and publish virus signatures in a timely manner?
– Do vendors have experience in producing high-quality IT security products?
– How has the economy impacted how we determine ongoing vendor viability?
– What are the key cloud security issues to consider in vendor selection?
– Has the vendor developed a security configuration guide?
– What is the long-term viability of the vendor?
– What is the vendor’s partner ecosystem?
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
Third Party Management External links:
Welcome to TRACE’s Third Party Management System (TPMS)
Third Party Management – Galman Group
Vendor Risk Management Software – Third Party Management
Contract manufacturer External links:
DeWys Manufacturing, Lean Contract Manufacturer
Genzink Steel: Fabrication and Welding Contract Manufacturer …
Corporate social responsibility External links:
2016 Corporate Social Responsibility Report – U.S. Bank
Corporate Social Responsibility | The Aerospace …
Corporate Social Responsibility — Wells Fargo
Corruption Perceptions Index External links:
Corruption Perceptions Index 2016 – Transparency …
corruption perceptions index (CPI) – Britannica.com
How Africa Fares In The Corruption Perceptions Index 2016
Financial Conduct Authority External links:
Financial Conduct Authority :: Law360
Financial Conduct Authority to review current accounts
Firewall External links:
CUJO AI Internet Security Firewall – Stay Safe Online
Automatically diagnose and fix problems with Windows Firewall
GlassWire – Personal Firewall & Network Monitor
Foreign Corrupt Practices Act External links:
[PDF]FOREIGN CORRUPT PRACTICES ACT – Princeton …
Governance, risk management, and compliance External links:
Career Path – Governance, Risk Management, and Compliance …
Information security External links:
Federal Information Security Management Act of 2002 – NIST
ALTA – Information Security
Managed Security Services | Information Security Solutions
Performance measurement External links:
Performance measurement is the process of collecting, analyzing and/or reporting information regarding the performance of an individual, group, organization, system or component. It can involve studying processes/strategies within organizations, or studying engineering processes/parameters/phenomena, to see whether output is in line with what was intended or should have been achieved.
Performance Measurement – NCQA
NCQA > Performance Measurement
Reseller External links:
Bobrick Washroom Accessories | Authorized Bobrick Reseller
KHS Reseller Login
Software as a service External links:
[PDF]Software as a Service (SaaS)
DENTAWEB Software as a service
Enterprise Gamification Software as a Service Platform
Supplier Risk Management External links:
[PDF]Supplier Risk Management Through Standard …
Target Corporation External links:
Up and Up alcohol (swab) Target Corporation – Drugs.com
Target Corporation – TGT – Stock Price Today – Zacks
Value chain External links:
The Innovation Value Chain – CBS News
Data Value Chain | Onvia
U.S. Global Value Chain Coalition
Vendor External links:
D.R. Horton Vendor Extranet
Vendor Sign-Up – WFG Lender Services
Accurate Group – Vendor Services