Third-party risk assessments are the traditional method to provide vendor assurance. However, it is obvious this is not working. Third party risk must evolve to ensure that vendors not only profess to have security controls, but those controls actually work.
In this presentation, we define a new approach to third party management. Rather than managing risk, manage trust. We will explain how to structure a program to handle a diverse array of third parties while providing scientifically valid risk data.