In speaking with customers and prospects, we realize that one of the biggest pain points around third-party risk management is communication with the third-parties. It’s hard to set expectations and discuss findings via email, as ginormous threads are generated by a constant back & forth, lost attachments, and simply too much time. So how to improve communication with third-parties?
First, let’s start by defining it. The topics you might want to discuss or communicate about with a third-party cover the entire risk assessment and mitigation process, including the intake, the requirements, and the findings on those requirements. For example:
- Insurances, certifications, and audits you want them to provide
- Questionnaires you want them to fill out
- Questions about submitted documentation
- Questions about what services, tools, or procedures the third-party is going to provide
So why is it important to have fluent communication? Because it’s the only way to express your expectations and be clear about what you’re looking for.
Communicating over email threads with spreadsheets attached is too time consuming and often impractical, as information gets lost in the way. Not to mention it’s hard to search and report on specific documents.
The solution, of course, is technology. Our ThirdPartyTrust platform facilitates interaction and collaboration with third-parties, thus solving one of the biggest challenges of CISOs and risk managers across several industries. If an issue arises regarding a security assessment, you can have a direct conversation with your third-party without leaving the platform. This ultimately cuts down the back and forth and lowers the amount of emails and calls.
Communication With Third-Parties: With and Without a TPRM Tool
Without a dedicated TPRM tool, it’s difficult to achieve what you’re expecting from a third-party via email. A few points to consider:
- Back & forth via email takes an average 3 months, whereas a platform can shorten it to 4-6 weeks.
- Email threads make it difficult to retrieve specific information, whereas a fit-for-purpose solution can offer a dashboard with a clear picture of what everyone did and when, as well as the ability to report.
- If you’re asking too much of a third-party or if the process turns out to be too exhausting for any of the parts, you might end up losing contracts. However, a dedicated tool will streamline the process.
A final tip: be reasonable with requirements and time frames to further improve communication. You can’t expect the same from a small shop than from a big enterprise, and it’s not the same to ask for a 10-question custom questionnaire than for a SIG Full questionnaire.
To learn more about how ThirdPartyTrust can help you streamline communication with third-parties, request your free trial now: