Innovation in Compliance

You Can’t Outsource Risk with Sandeep Bhide


 
Sandeep Bhide is the Vice President of Product Management at ProcessUnity, a company that is making good governance, risk, and compliance (GRC) practices and tools available to organizations via third-party risk and cybersecurity program management tools. Tom Fox welcomes him to this week’s show to talk about their Third-Party Risk: A Turbulent Outlook Survey report and how ProcessUnity helps their clients.
 

 
The Purpose of ProcessUnity
Tom asks Sandeep to explain the basis of ProcessUnity and the key products and services it offers. Sandeep says that the company offers cloud-based solutions that help organizations of all sizes automate their risk and compliance programs. He adds that it is an easily customizable program that reduces manual administrative tasks and allows customers to focus on “the more strategic risk mitigation activities”. ProcessUnity has the ability to review the company’s GRC program and deliver great results quickly.
 
Third-Party Risk: A Turbulent Outlook Survey Report 
Tom wants to know what the intent behind this report was and how it came to fruition. Sandeep states that the objective of the study was to determine how well organizations understood and managed risk associated with their third-party partners. 301 IT and cybersecurity decision-makers and influencers participated in the survey, and they were asked about their concerns and challenges when managing certain risks, and how it has impacted the security incidents related to their third-party partners. Sandeep shares the overall findings of the survey:

  • Third-party relationships continue to expand exponentially; 
  • Companies continue to seek outsourced services and software in order to perform optimally and to replace talent and supply sources due to the pandemic;
  • The majority of respondents have experienced an IT security incident over the last two years because of a third-party relationship. 

 
The Gathering Storm
Tom asks Sandeep to explain the concept of “the gathering storm” and the technological solution ProcessUnity provides to help navigate it. Sandeep explains that the term refers to a supply chain attack executed by “close third-party relationships that have either physical or network access to equipment and premises and those that provide software vital to a business’ operation.” Sandeep then warns that companies should vet these third parties since their role is so important. Most companies, however, would rather focus on their core businesses; they feel it doesn’t make economic sense for them to do everything themselves, and third parties provide the types of talent they need to properly conduct their business. Sandeep comments that “companies can outsource the work which is an imperative for them, but they can’t outsource the risk”. To manage your third parties, you must have multiple in-house and external methods to vet them, including questionnaires or assessments. You have to get to know your partners because they have the most risk attached to them.
 
Resources 
Sandeep Bhide | LinkedIn | ProcessUnity