
Third-party risk

Definition

The information security, operational, legal, or reputational risk introduced to an organisation by its relationships with external parties, including vendors, suppliers, cloud providers, and contractors. Third-party risk is not limited to data breaches; it also covers service disruption, compliance exposure, and reputational harm arising from a vendor's conduct.

Related terms

Due diligence questionnaire (DDQ)
A structured questionnaire sent to a prospective vendor before onboarding, asking the vendor to describe its security controls, certifications, incident history, subprocessor...
Offboarding controls
The set of actions taken when a vendor relationship ends: revoking access credentials, recovering or destroying shared data, terminating network connectivity, and...
Right-to-audit clause
A contractual provision that gives the organisation the right to audit or assess the vendor's security controls, either directly or through a...
Subprocessor
A third party engaged by a vendor (the processor) to perform part of the service that involves the organisation's data. Under GDPR...
Vendor tiering
The classification of vendors into risk tiers, typically Tier 1 (critical), Tier 2 (significant), and Tier 3 (low), based on factors such...

Explained in

  • Third-Party Risk Management Programme: The information security, operational, legal, or reputational risk introduced to an organisation by its relationships with external parties including vendors,...
