
Peter Craddock Develops Checklist for Good Practices Regarding Third-Party Risk Management

Risk is inherent to any business. Third parties, i.e., entities and persons external to an organization, are an important source of risk. They might make information available to a competitor (or might even use the organization’s information to become one); they might be an attack vector; they might go bankrupt; they might stop performing their contractual obligations.

“Third-party risk management” then refers to the various practices and measures used to mitigate, in advance, both the likelihood of such risks and their potential impact, and to handle the risk and its consequences should the need arise.

Keller and Heckman Partner Peter Craddock developed a checklist of good practices regarding third-party risk management. This checklist is based on statutory requirements in four pieces of legislation: the General Data Protection Regulation (GDPR), the NIS2 Directive, the Data Governance Act, and the Digital Operational Resilience Act (DORA). This checklist is not a comprehensive list of best practices, but it should be helpful to anyone involved in outsourcing, vendor selection, procurement, and supplier contracts.

To view the full checklist, please click here.