The process of assessing and controlling the security and continuity risks that suppliers and service providers introduce.
Third-party risk management addresses the reality that an organization's security depends partly on its vendors. It involves assessing suppliers before onboarding, setting security requirements in contracts, and monitoring them throughout the relationship.
Supply chain risk has become a regulatory focus: NIS2 and DORA both require organizations to manage the risk their critical providers pose, not just their own systems.