- Overview
- Navigate the module
- Why are fourth parties important?
- How to leverage fourth party insights
Overview
Fourth parties are your vendors’ vendors. Use the Fourth Parties module in Vendor Risk to better understand your fourth-party risk exposure.
The module shows automatically detected (and manually added) fourth parties. By default, the most popular fourth parties appear first. For each fourth party, you’ll see:
- Their security rating
- Number of their products used
- Number of your vendors using them
Navigate the module
What you can do |
How to do it |
Export |
Click Export in the view’s top right to export the fourth-party list in a PDF or Excel file. |
Filter |
Click Apply filters in the view’s top right to filter by any of the listed options. |
Group by product |
Click By product at the top of the Fourth Parties table. Now, each row in the table represents an individual fourth party’s product (vs. each row designating a fourth party). |
Search |
Click in the Search box to search by product, vendor, or category. |
Set up a recurring report |
Click Export in the view’s top right and select the option Set up recurring export. |
Share the report (via email) |
Click Export in the view’s top right and select the option Send report via email and save to reports. |
Sort |
Click a column title to sort by that trait (in ascending or descending order). |
View which vendors are using a fourth party product |
Click By product at the top of the Fourth Parties table. Click on any product row to open a pop-out showing product details and a list of vendors using that product. |
Why are fourth parties important?
Fourth parties directly impact your vendor’s cyber security posture, making them a critical area of risk in your supply chain. In the event of a breach or other cyber attack, fourth parties can impact your business and potentially leave you liable for data loss.
Most organizations rely on third-party vendors to monitor the latter's own vendors (i.e. your organization’s fourth parties). But that means:
- You’re trusting (and relying on) organizations outside of your business. While this is necessary, to a degree, it’s important to minimize as much as possible.
- You have an incomplete understanding of the risk exposure, outages, disruptions, and breaches that could threaten your organization.
In other words: understanding your fourth parties is an important part of assessing your cyber resilience.
How to leverage fourth party insights
Use the Fourth Parties module to:
- Search by vendor in Fourth Parties to see how many of your own vendors may have been affected by a breach
- Adjust your business continuity and disaster recovery plans
- Streamline breach response
- Assess downstream impacts
- Validate assessment responses from third parties on the use of fourth parties
- Enforce or update contract terms limiting third parties from using fourth parties
See also: