Steven Parker, TBC Corporation, Chief Information Security Officer

  • Once a vendor is brought on board and the business relationship begins, there must be periodic reviews of that vendor and continuous monitoring of its public-facing IT infrastructure.
  • There is a growing challenge in keeping third-party relationships secure. Cybersecurity itself is becoming more difficult, and smaller companies cannot keep up. Yet, most businesses are not in a position to become security consultants for their third-party suppliers.

“We use a third party to look at vendors’ public-facing environments and monitor points of entry. . . . It is a continuous monitoring process.”

Businesses depend on third-party vendors for business-critical products and services. Companies are increasingly recognizing the security risk that third-party relationships pose and taking stronger measures to manage that risk. “We have hundreds of vendors, ranging from providers of office supplies and information technology (IT) services to large suppliers of our core products, such as tire manufacturers,” says Steven Parker, chief information security officer of TBC Corporation, one of North America’s largest marketers of automotive replacement tires. “Supply chain risk is a big concern for us.”

To mitigate that risk, Parker oversees a third-party risk management program that consists of initial vendor security assessment, vendor monitoring, and vendor review.

Whenever a business owner wants to establish a new vendor relationship, Parker’s team first performs an assessment of that vendor. This assessment begins with a classification of the vendor based on supply risk to the business and overall cyber risk. The nature of the cyber risk evaluation depends in part on the type of service the vendor would provide the company, but it’s a determination of the vendor’s ability to adhere to industry-standard security frameworks within the context of the services it would provide. 

This is an excerpt from 7 Experts on Evaluating and Managing Supply Chain Risk. This eBook was generously sponsored by BlueVoyant.