The last two years have stressed the importance of understanding both your vendor ecosystem and third-party software deployed within your IT infrastructure. The impact of COVID continues to wreak havoc on supply chains, leading to shortages of consumer goods ranging from toilet paper to microchips. Many organizations reliant on either a single or a few vendors for critical components have faced disruptions to product delivery, while those with built-in supply chain redundancies have thrived during the pandemic. Third-party software disruptions have further complicated matters. The SolarWinds and Log4J cyber-attacks highlight the risk third party software can bring to your enterprise. It's also stressed the importance of understanding cybersecurity practices, controls, and policies critical third parties have in place.
To address these challenges, we have released the second phase of our Operational Resilience updates, focused on third-party resilience. The updates include the following:
- Third Party Resilience Assessment – the new questionnaire has been added to the Third Party Risk Management use case. The assessment is used to determine third party resilience across the five resilience pillars of Operational Resilience – Cyber, IT Infrastructure, Facilities, People, and Suppliers. Responses to the questionnaire determine the third party’s resilience for each category. To simplify the process of collecting vendor responses, the assessment has been preconfigured to operate with Archer Engage for Vendors.
- Third Party Metrics – the current methodology of pass/fail metrics has been overhauled to utilize red, amber, green thresholds. This provides more granularity when determining not only if a metric passed or failed, but by how much it passed or failed. Additionally, we’ve automated the process of creating metrics results. Results coming due are automatically generated using a data feed. Finally, Third Party Metrics Results has been preconfigured with Engage for Vendors to simplify the metrics collection process.
- Resilience Pillars – results of the Third Party Resilience Percentage and Third Party Metrics impact the supplier resilience percentage and rating at the business unit, division, and company levels.
- Vendor criticality tiering based on the importance of the product or service being provided and the impact to the organization and its consumers if the vendor was disrupted.
- The new Sankey diagram is leveraged to provide relationship visualization between products and services and the third parties supporting their delivery.
- Enhanced reporting including the identification of supplier concentrations and single points of failure.
Interested in learning more about Archer Operational Resilience? Join us for a Free Friday Tech Huddle on Friday, April 1 for a live demo. Free Friday Tech Huddles are only available to Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.archerirm.com for a live demo.
