Menu & Login Close Menu

Menu

Account
Premium

Third Party InfoSec Risk Playbook

Download Playbook

Effectively managing information security risk arising from third party relationships is an essential aspect of GRC capability that drives successful attainment of Principled Performance.

Effectively managing information security risk arising from third party relationships is an essential aspect of GRC capability that drives successful attainment of Principled Performance.

It is a key “play in the game” so we have developed this Principled Performance Playbook to address the issue and provide the reader with some essential guidance and tools to get started. Just like a football playbook, this document outlines the steps to take – or plays – and sets up the structure for assignment of the various tasks to those in your organization.

Although this playbook focuses on third party cybersecurity risk, third parties can present other risks that impact your company reputation such as ethics/integrity, product/service quality or business continuity. This Playbook takes a deep dive into one discrete aspect – the third party risk assessment process for controlling information security risk. The process is illustrated in the context of information security training – one of many information security vulnerabilities. It provides three play sheets that outline key actions, which should be adapted to fit the specific risks you are assessing.

Featured in: Third Party Management , Information Security , Risk Management

Related Resources

Preparing for Change in Third Party Risk Management Technology

Premium
Playbooks

Third-Party Risk Management (eBook)

Premium
eBooks

Third-Party Risk Deep Dive: Calculating Inherent Risk Slide Deck

Slide decks
Back to top
OCEG © 2002 - 2025 OCEG

Terms of Service

Privacy Policy

Refund Policy

support@oceg.org

Contact Us

Information & Billing
+1 (602) 234-9278

Principled Performance®, Driving Principled Performance®, Putting Principles Into Practice®, OCEG®, GRC360°®, ActiveLearning®, EventDay® and LeanGRC® are registered trademarks of OCEG®.

Protector Skillset™, Protector Mindset™, Protector Code™, Lines of Accountability™, GRC Professional™, GRCP™, GRC Fundamentals™, GRC Auditor™, GRCA™, GRC Audit Fundamentals™, Data Privacy Fundamentals™, Integrated Data Privacy Professional™, IDPP™, Policy Management Fundamentals™, Integrated Policy Management Professional™, IPMP™, Integrated Audit & Assurance Professional™, IAAP™, Integrated Governance & Oversight Professional™, IGOP™, Integrated Strategy & Performance Professional™, ISPP™, Integrated Risk Management Professional™, IRMP™, Integrated Decision Management Professional™, IDMP™, Integrated Compliance & Ethics Professional™, ICEP™, Integrated Business Continuity Professional™, IBCP™, Integrated Information Security Professional™, IISP™ are trademarks of OCEG®.

You purchased an automatically renewing subscription. Do you want a reminder?

Your automatically renewing subscription is active. It will automatically renew 12 months from your original purchase. If you do not want it to automatically renew, remember that you must cancel BEFORE renewal. OCEG does offer refunds AFTER charges per our Terms of Service. Would you like a reminder?