Fourth Parties Module Overview

Overview

Fourth parties are your vendors’ vendors. Use the Fourth Parties module in Vendor Risk to better understand your fourth-party risk exposure.  

The module shows automatically detected (and manually added) fourth parties. By default, the most popular fourth parties appear first. For each fourth party, you’ll see:

  • Their security rating
  • Number of their products used
  • Number of your vendors using them

Navigate the module

What you can do 

How to do it

Export

Click Export in the view’s top right to export the fourth-party list in a PDF or Excel file. 

Filter

Click Apply filters in the view’s top right to filter by any of the listed options. 

Group by product

Click By product at the top of the Fourth Parties table. Now, each row in the table represents an individual fourth party’s product (vs. each row designating a fourth party). 

Search 

Click in the Search box to search by product, vendor, or category.

Set up a recurring report

Click Export in the view’s top right and select the option Set up recurring export.

Share the report (via email)

Click Export in the view’s top right and select the option Send report via email and save to reports.

Sort 

Click a column title to sort by that trait (in ascending or descending order). 

View which vendors are using a fourth party product 

Click By product at the top of the Fourth Parties table. Click on any product row to open a pop-out showing product details and a list of vendors using that product. 

Why are fourth parties important?

Fourth parties directly impact your vendor’s cyber security posture, making them a critical area of risk in your supply chain. In the event of a breach or other cyber attack, fourth parties can impact your business and potentially leave you liable for data loss.

Most organizations rely on third-party vendors to monitor the latter's own vendors (i.e. your organization’s fourth parties). But that means: 

  1. You’re trusting (and relying on) organizations outside of your business. While this is necessary, to a degree, it’s important to minimize as much as possible. 
  2. You have an incomplete understanding of the risk exposure, outages, disruptions, and breaches that could threaten your organization. 

In other words: understanding your fourth parties is an important part of assessing your cyber resilience.

How to leverage fourth party insights

Use the Fourth Parties module to:

  • Search by vendor in Fourth Parties to see how many of your own vendors may have been affected by a breach
  • Adjust your business continuity and disaster recovery plans
  • Streamline breach response
  • Assess downstream impacts 
  • Validate assessment responses from third parties on the use of fourth parties
  • Enforce or update contract terms limiting third parties from using fourth parties

See also: