Manage fourth-party and concentration risk
Use the Fourth Parties view to surface shared providers and concentration, drill into each, and treat shared dependencies as a distinct concentration risk.
Try it in CybervergentOverview
See your extended supply chain and where a single provider could take down many vendors.
Step-by-step
- 1 Open the risk initiative and open the Fourth Parties view from the options menu.
- 2 Review the summary cards for distinct providers and shared dependencies.
- 3 Review 'Concentration by Provider' to see which providers many of your vendors depend on.
- 4 Open a provider's 'View' to see its reported information and which third parties listed it.
- 5 Treat any provider used by more than one vendor as a concentration risk, since its disruption cascades across them.
- 6 Factor concentration into your continuity planning and into the risk position of the dependent vendors.
Related articles
Third-Party Program Stand up a third-party risk program Build a tiered, owned third-party risk program from framework to live register. Third-Party Program Onboard and tier your vendors Bring the vendor population into the register and classify it by criticality and tier. Third-Party Program Run vendor reassessment at scale Keep a large vendor population current with cadence-driven reassessment. Third-Party Program Monitor vendors continuously Move beyond point-in-time assessment to continuous monitoring of vendor assets.