Third-Party Risk Management: Monitoring Vendors' Security
CNH Industrial's Kumar Ranjan on Ways to Manage Vendor Risks
An important component of managing third-party risks is monitoring the security technologies that vendor partners use, says Prakash Kumar Ranjan, IT security manager at CNH Industrial, a Netherlands-based capital goods firm.
Companies hiring vendors need to determine if those third parties are enforcing their security policies and whether those policies "are aligned with their cybersecurity policies," Ranjan says in an interview with Information Security Media Group.
Another critical step, he says, is to identify the kind of data being handled by vendors and how it's protected. "Then we need to enforce stringent security policies, because if there is any breach, the company's reputation is at stake," Ranjan says.
In this interview (see audio link below photo), Ranjan discusses:
- The importance of creating an inventory of third-party vendors a company uses;
- How to track vendors' security practices;
- Challenges involved when implementing a vendor risk management program;
- Why having a good communication channel with vendors is so important.
Ranjan is risk and compliance manager at CNH Industrial. He has experience in security operation center design and management; IT risk assessment; review and implementation of security solutions; and regulatory compliance.