FCCS News & Insights


New National Discount Program Supplier – BitSight

Building a Third Party Risk Management Program

When looking at cyber security threats to Farm Credit, it is no longer sufficient to adopt best practices for your institution without evaluating the practices of your vendors and partners. High-profile cyber breaches in the past few years, involving major corporations such as Target, American Express, and Experian, make it evident how serious third party breaches can be.

Because these breaches are costly for the organizations and customers affected, it is critical to move forward with plans to evaluate and mitigate the risks posed by vendors and other business partners.

Legal Implications of Ineffective Third Party Risk Management
Third party risk management programs are more than an obligation to your customers; these programs are being brought to the forefront and scrutinized by regulatory entities conducting oversight. 

What are the Immediate Steps to Ensure Appropriate Third Party Cyber Security? 
There are four key steps to take for a top-notch security program:

  1. Identify and Tier Third Parties: A working group including IT, IT security, procurement and legal should identify and classify vendors. Vendors handling data that is regulated or confidential should be prioritized as critical.
  2. Assess Security: There are a number of methods we can use to assess security. The most common tools are generally audits, requests for documentation, vulnerability scans, penetration tests and questionnaires.
  3. Negotiate Contractual Terms: Existing contracts need to be reviewed to ensure they reflect the level of security you expect. Use “point in time” tools to evaluate third parties.
  4. Ongoing and Continuous Monitoring: This involves constant oversight integrated into the lifecycle of the security assessment process, and uses automated feeds.

For more information on your BitSight Security Rating, contact us at https://www.bitsighttech.com/fcc-services

BitSight Technologies is our newest National Discount Program supplier for Cybersecurity Ratings for Vendor Risk Management and Benchmarking. More educational resources and partner contact information are available at https://www.bitsighttech.com/fcc-services
