When it comes to third-party vendors, there is no one-stop solution to mitigating risks. However, some key elements can play a vital role in managing risks more effectively. Take, for example, Target and Lowes. Both are reeling from data breaches caused by a lack of third-party security protocols. These breaches did immeasurable damage, yet could have been avoided by integrating two very important risk-mitigating tactics: a comprehensive Service-Level Agreement (SLA) and a supplier relationship management (SRM) program.
According to TechTarget.com, SLAs are negotiable instruments that reflect the company’s appetite or tolerance for risk; its size and complexity, geographic distribution, and type of information managed; and its ability to effectively monitor the third-party management program. When Sony’s PlayStation Network suffered one of the worst data breaches of the 21st century in April 2011, a thorough SLA could have included a third-party data breach violation penalty, which could have offset the millions lost while the site was down for a month. To address risk in an SLA as completely as possible, the following should be considered: security and privacy of information, safety and risk analysis, compliance obligation scope, enforcement structure, internal audit accessibility and disclosure requirements, and corrupt practices management.
Since trust in suppliers alone cannot prevent scandal or potential risk, an in-depth SLA is a critical component of risk mitigation, along with an all-encompassing supplier relationship management program. By monitoring a supplier’s operations, a company has the potential to be alerted to compliance issues early on, before a widespread scandal can occur. Although a supplier is not a direct part of the company, in certain industries an organization is held accountable for a third party’s actions as though the third party were a direct employee. To prevent an outside party from causing widespread scandal and damaging brand reputation, it is crucial to have control mechanisms in place.
By establishing a common set of procedures for interacting with suppliers, an SRM program opens communications and enhances the way companies work together. With this enhanced visibility into supplier operations, there is less threat of an incident causing lost sales or hardship, because the company imposes structure on supplier roles that is continually monitored and, presumably, accident-proof.
Whichever method of risk mitigation is chosen, it is essential to prepare for any disturbance to the business, whether through proper SLA preparation or an in-depth SRM program. The consequences of negligence can be severe, and these preparations are, in many industry leaders’ opinions, worth the investment.
Heather Grossmuller is a Marketing Manager at Source One Management Services, LLC, a Philadelphia Business Journal “People on the Move” Recognition Recipient, an advisory board representative of La Salle University’s Association of Women MBAs, and all-around marketing enthusiast. As Marketing Manager, she oversees Source One’s efforts in internal/external communications ranging from social media management to recruitment.