Third party management is the process whereby companies monitor and manage interactions with all external parties with which they have a relationship. This may include both contractual and non-contractual parties. Third party management is conducted primarily for the purpose of assessing the ongoing behavior, performance and risk that each third party relationship represents to a company. Areas of monitoring include supplier and vendor information management, corporate and social responsibility compliance, supplier risk management, IT vendor risk, anti-bribery/anti-corruption (ABAC) compliance, information security (infosec) compliance, performance measurement, and contract risk management.〔"CMS Guide to Anti-Bribery and Corruption Laws", CMS Legal. http://www.cmslegal.com/Hubbard.FileSystem/files/Publication/867d81f9-25b2-49d3-9991-04a3a5e862d5/Presentation/PublicationAttachment/53cb5525-344f-4b8f-9bab-081aeacadd93/Guide-to-Anti-bribery-and-corruption-laws-final.pdf〕 The importance of third party management was elevated in 2013 when the US Office of the Comptroller of the Currency stipulated that all regulated banks must manage the risk of all their third parties.〔OCC: Third-Party Relationships: Risk Management Guidance〕

==Third Parties==

A ‘third party’, as defined in OCC 2013-29, is any entity that a company does business with. This may include suppliers, vendors, contract manufacturers, partners and affiliates, brokers, distributors, resellers, and agents. Third parties can be both ‘upstream’ (suppliers and vendors) and ‘downstream’ (distributors and re-sellers), as well as non-contractual parties. Firms do not have to conduct critical activities to be considered a ‘third party’; a cleaning services firm responsible for maintaining a company’s office space is a third party as much as a primary supply-chain supplier.
The role or size of the third party is not as important as the nature of the relationship, the criticality of its activities, the level of access it has to sensitive data or property, and a company’s accountability for inappropriate actions of its third parties. A cleaning company with access to a CEO’s filing cabinet represents a different but still significant risk relative to a supplier who provides a critical component to the production line. A non-critical service provider, such as an air-conditioning contractor, operating in a country with low corruption risk may erroneously be considered low risk. However, if that contractor has poor cyber-security and is able to submit invoices to a customer electronically across the customer’s firewall, this may represent a high cyber risk to the customer company.

Target Corporation's December 2013 data breach, in which approximately 70 million Target customers’ credit and debit card information was stolen, highlights the cyber security risk posed by innocent third parties, even in low risk countries such as the USA. Hackers exploited an HVAC contractor with poor cyber-security who conducted electronic payments with Target and thus had access behind the firewall.

Due to trends towards specialization and outsourcing, companies increasingly focused on core competencies are engaging greater numbers of third parties to perform key functions in their business value chain;〔Outsourcing: on the increase as firms hone core competencies〕 third party activity is typically responsible for driving approximately 60% of total revenue.〔"Use Cases for Third Party Management", Hiperos 3PM White Paper〕 This trend is creating greater numbers of critical third party relationships throughout the economy which, in the case of companies with tens of thousands and even hundreds of thousands of third party relationships, can become cumbersome to monitor and manage manually.
Excerpt source: Wikipedia, the free encyclopedia.