Fourth Parties
      Back to home
      1. UpGuard Knowledge Base
      2. UpGuard Vendor Risk
      3. Fourth Parties

      Fourth Parties Module Overview

      Overview

      Fourth parties are your vendors’ vendors. Use the Fourth Parties module in Vendor Risk to better understand your fourth-party risk exposure.  

      The module shows automatically detected (and manually added) fourth parties. By default, the most popular fourth parties appear first. For each fourth party, you’ll see:

      • Their security rating
      • Number of their products used
      • Number of your vendors using them

      Navigate the module

      What you can do 

      How to do it

      Export

      Click Export in the view’s top right to export the fourth-party list in a PDF or Excel file. 

      Filter

      Click Apply filters in the view’s top right to filter by any of the listed options. 

      Group by product

      Click By product at the top of the Fourth Parties table. Now, each row in the table represents an individual fourth party’s product (vs. each row designating a fourth party). 

      Search 

      Click in the Search box to search by product, vendor, or category.

      Set up a recurring report

      Click Export in the view’s top right and select the option Set up recurring export.

      Share the report (via email)

      Click Export in the view’s top right and select the option Send report via email and save to reports.

      Sort 

      Click a column title to sort by that trait (in ascending or descending order). 

      View which vendors are using a fourth party product 

      Click By product at the top of the Fourth Parties table. Click on any product row to open a pop-out showing product details and a list of vendors using that product. 

      Why are fourth parties important?

      Fourth parties directly impact your vendor’s cyber security posture, making them a critical area of risk in your supply chain. In the event of a breach or other cyber attack, fourth parties can impact your business and potentially leave you liable for data loss.

      Most organizations rely on third-party vendors to monitor the latter's own vendors (i.e. your organization’s fourth parties). But that means: 

      1. You’re trusting (and relying on) organizations outside of your business. While this is necessary, to a degree, it’s important to minimize as much as possible. 
      2. You have an incomplete understanding of the risk exposure, outages, disruptions, and breaches that could threaten your organization. 

      In other words: understanding your fourth parties is an important part of assessing your cyber resilience.

      How to leverage fourth party insights

      Use the Fourth Parties module to:

      • Search by vendor in Fourth Parties to see how many of your own vendors may have been affected by a breach
      • Adjust your business continuity and disaster recovery plans
      • Streamline breach response
      • Assess downstream impacts 
      • Validate assessment responses from third parties on the use of fourth parties
      • Enforce or update contract terms limiting third parties from using fourth parties

      See also: