Third Party Risk Management in 2020: What We’ve Seen

Chaos and disruption has been the story thus far in 2020 and the world of third party risk management has been no exception.

Knowing how your organization’s data is being handled and protected by your third parties has always been a challenge and the current situation has only complicated these procedures. While there is no perfect roadmap to navigate these difficulties, companies are finding ways to adapt and gain peace of mind over the protection of their data. These are a few best practices we have seen over the past year that can help improve your vendor management program.


Beyond the annual assessment or questionnaire, maintaining an open dialogue between you and your vendors is absolutely critical. Whether it be staffing issues, financial problems within the company, or even just the regular stresses of working from home, your vendors are facing the same challenges many of us are in the current setting and are often conducting business in different ways than before. Even the occasional email or 15 minute call with your vendor contact can open up communication lines and perhaps uncover challenges vendors are facing that wouldn’t show up in an annual assessment. It is important to have an open communication line in order for you and your business to anticipate and counteract any potential issues before they arise.

Emphasis on Resiliency

Before this year, having a Pandemic Procedure outlined in your Disaster Recovery Plan seemed like a formality. Unfortunately, as the world found out the hard way, truly anything can happen. It is important to be sure that your vendors, especially those critical to your business’ functions, have procedures and resources outlined in order to keep their business operational. Beyond documented procedures, performing a tabletop walkthrough has become a best practice in order to establish roles and responsibilities for key members prior to dealing with an actual event.  Give emphasis to your vendors’ resiliency plans and procedures. Remember, to be proactive is to be prepared.

Virtual On-sites

While there is no replacing in-person interaction, companies everywhere are finding ways to make do virtually. The relationship can be maintained but gaining reliance on controls can be tricky, especially physical controls that require observations. The ability to leverage third party attestations such as SOC2 or ISO 27001 is truly invaluable when unable to affirm these controls yourself. Additional evidence can be obtained to satisfy most controls but reports such as these can offer piece of mind when operating in a virtual world.

Peace of mind is hard to come by these days and data security is never certain. Hopefully these tools we have learned over the past few months can be used to prep your vendor management program for whatever comes next in 2020.

Related Articles

This article is part of a series exploring the importance of third-party risk management programs, you can view additional articles below.

View our entire Third Party Risk Management article library here

About Schneider Downs Third-Party Risk Management

Schneider Downs is a registered assessment firm with the Shared Assessments Group, the clear leader in third-party risk management guidance. Our personnel are experienced in all facets of vendor risk management, and have the credentials necessary (CTPRP, CISA, CISSP, etc.) to achieve meaningful results to help your organization effectively achieve new vendor risk management heights.

Learn more at or contact us for more information.


You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Shared Assessment SIG Questionnaire – What’s New for 2023?
Lincoln College Closes Due to Ransomware Attack
Is There Additional COVID-19 Relief Incoming?
The Top Ten Most Common SOC 2 Exceptions
The Pandemic’s Impact on Contractors’ Backlogs
What to Expect When You’re Expecting a Single Audit
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.