3rd Party Risk Management , Governance & Risk Management , Risk Assessments

Third-Party Risk Management: Asking the Right Questions

Santa Fe Group's Brad Keller on Key Issues That Need to Be Addressed
Third-Party Risk Management: Asking the Right Questions

An effective third-party risk management program starts with asking the right questions, says Brad Keller, chief strategy officer and senior vice president, the Santa Fe Group, a strategic advisory company.

"It starts with: What risks am I taking on?" Keller says in an interview with Information Security Media Group. "What am I exposing my company to? And what kind of controls do I have to put in place? This goes all the way through to: What happens if I have to replace this vendor?"

In this interview (see audio link below image), Keller also provides insights on a number of other vendor risk management topics, including:

  • How various business units within an organization can help manage third-party risks;
  • How to deal with the issue of managing fourth-party - or subcontractor - risks;
  • The role of continuous monitoring services;
  • Insights on forming a vendor risk management team.

Keller is chief strategy officer and senior vice president at the Santa Fe Group, which has been developing a third-party risk assessments program. He led the development of Shared Assessments Vendor Risk Management Maturity Model and the Certified Third Party Risk Professional program. During his years in banking, Keller was responsible for risk management, privacy and regulatory compliance, including third-party oversight.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.