A cleaning company with access to a CEO's filing cabinet represents a different but still significant risk relative to a supplier who provides a critical component to the production line.
Hackers exploited an HVAC contractor with poor cyber-security who conducted electronic payments with Target and thus had access to behind the firewall.
[3] Due to trends towards specialization and outsourcing, companies increasingly focused on core competencies are engaging greater numbers of third parties to perform key functions in their business value chain;[4] third-party activity is typically responsible for driving approximately 60% of total revenue.
The use of third-party management systems is mandated by the Office of the Comptroller of the Currency for American national banks and federal savings associations.
While other industries are not required by law to have third-party management systems in place, most non-financial companies are bound by anti-bribery/anti-corruption (ABAC) and other regulations.
[14] The market for SRS becomes increasingly competitive as providers such as BitSight and Panorays offer companies to compile different risk factors to calculate a quantitative score for vendor comparison.