Alex Golbin, IHS Markit, Global Head of Risk Assessments

  •  Effective supply chain risk management depends on a complete vendor inventory, with a risk rating methodology to identify an inherent risk profile for every single relationship. It requires having a risk treatment strategy.
  • Once a vendor is on board, you can take the time to conduct a more thorough reassessment, but a lot can happen between
    reassessments. Continuous monitoring bridges that gap between point-in-time assessments, giving you a continuous read on changing cyber rating scores.

“I absolutely encourage everyone to use continuous monitoring. . . . [W]e have a platform that allows a customer to continuously monitor for cyber rating scores . . . and other things..”

“If you look at a company’s overall risk and control environment, the bulk of the risk is going to come from its third-party portfolio,” says Alex Golbin, global head of Risk Assessments for KY3P at IHS Markit. KY3P, which stands for “Know Your Third Party,” is a joint venture between IHS Markit and 16 banks that was formed to collectively manage their vendor risk.

Primarily serving financial services companies, KY3P assesses and monitors risk related to a portfolio of vendors that includes the world’s largest technology providers and cloud-based business process outsourcers; core infrastructure vendors, including computing and data center services; equipment vendors; integrators; and many nontechnology services, such as physical goods suppliers, real estate management, and credit card processors. KY3P’s portfolio consists of hundreds of vendors. The major risks from third parties are loss of confidential data, disruptions of third parties that interfere with your ability to deliver your own critical services, and the risk of reputation damage.


This is an excerpt from 7 Experts on Evaluating and Managing Supply Chain Risk.  This eBook was generously sponsored by BlueVoyant.