Third Party Risk Management – The Intersection of Dysfunction and Groundhog Day

David Levine

Vice President Corporate and Information Security, CSO CISM at RICOH USA, Inc.

Learning Objectives

Gauging the risk and security of our partners, third parties and solutions is something we all have to do but is a painful and dysfunctional process today. In this presentation we will look at the current state of the union, what's working and what isn't and what we need to do going forward.


Some of the specific things I will touch on include:


Internal processes are frequently flawed as well as the tools and technology that support those processes (Lack of understanding, bad questionnaires, unreasonable timeframes etc.)


The people involved aren't always the right contacts and the use of third parties to run your TPRM program only complicates matters


Applicability is key but frequently not part of the discussion


We need to drive to consistent platforms and standards


Key Takeaways:



  • The current state of third part risk management

  • Applicability and ease of use matter

  • We have to drive to standardization