OUR SERVICES
TRiM Risk Management Service
Since third parties and the services provided are critical for the continuity of the company’s own activities and the accessibility of its own services, it is inevitable that the risks arising from these are also a part of the company’s risk management process.
Especially for critical infrastructure sectors, these risks can have effects on the national level and public order, in addition to their effects on the company.
3. The risks of the parties are included under Operational Risks, which are handled in the general risk management process of the institutions. When addressing these risks, it is important to take into account the risks related to the components of the service supplied from third parties, as well as the financial, reputation, compliance and subcontractor risks arising from the supplier itself. Within the framework of this holistic view, all stages, starting from the identification of candidate suppliers, supplier selection and service levels in the procurement phase and ending with the service, must be addressed in the risk assessment process. 3. The human resources that provide the services procured from the parties, the processes they carry out and the technologies they use to provide this service should be evaluated as a whole.
Supplier Risks Reflect on Institutions
US telecommunications company T-Mobile has been subject to many security breaches in recent years. The breach, which occurred in January 2023, was one of the largest data breaches in the company’s history. In this breach, 37 million customers were affected, with customer addresses, phone numbers and dates of birth stolen by a threat actor.
A second incident, announced in April 2023, affected only 800-odd customers. But this case involved many more data points, including T-Mobile account PINs, Social Security numbers, government-issued identification information, dates of birth and internal codes the firm uses to service customer accounts.
US-based genetics and research company 23andMe announced that approximately 20 million user data was stolen. It was stated that the data breach was carried out by a threat actor who used classic credential stuffing techniques to access user accounts.
Users affected by the breach include those using the DNA Relatives service. This service allows users to find relatives who share their genetic ancestry. Through this service, the threat actor was able to access many more data points, such as users’ profile photos, gender, year of birth, location, and genetic ancestry results.
The Electoral Commission, the UK’s independent regulator of party and election financing, revealed in August that threat actors had stolen the personal information of an estimated 40 million voters.
The data affected by the breach included voters’ names, addresses, dates of birth, phone numbers and email addresses. Threat actors can use this data in a variety of ways. For example, they can use this data to launch phishing attacks, target ads, or blackmail voters.
What is 3rd Party Risk Management
- Identification of Risks: Identification of all reasons that may cause loss for a company
- Risk Analysis: Evaluating and measuring risks that may create loss potential for the company
- Determining the Response to Risk: Defining whether to avoid, reduce, transfer or accept
- Mitigating & Transferring Risk: Implementing internal controls to reduce or transfer risk
- Risk Response Result: Determining and implementing a method to monitor the outcome of the implemented response.
To prevent reputational and financial losses of all institutions; They must manage third party risks continuously and effectively.
In accordance with the legal regulations in our country; “Electronic Communications”, “Energy”, “Finance”, “Transportation”, “Water Management” and “Critical Public Services” institutions with critical infrastructure are legally obliged to manage third party risks.
What is the Scope of Forcerta TRiM (Third Party Risk Management) Service?
As Forcerta, we have created Forcerta TRiM Service packages to enable our competent technical experts to carry out the end-to-end 3rd Party Risk Management needed by institutions in accordance with the legal legislation in our country. The scope of this service is generally as follows:
- Customized Risk Programs: Evaluating suppliers in terms of geography, risk and expense, customized according to the type of service provided by the 3rd Party.
- Validating Data: Validity checks of information provided in risk assessment
- Current Status and Development Measurement: Determination of the current situation after the definition of KPIs and continuous monitoring of the development
- Document Verification and Management: Review and verification of all documents obtained
- Continuous Monitoring: Real-time supplier risk information verification and reporting with continuous monitoring
- Reporting: Providing measurable standards and reports in line with the regulations
Forcerta TRiM – Service Packages
In accordance with the needs of institutions, Forcerta has created three different TRiM Service Packages and Optional Additional Service Packages. All of these service packages include the management of the institution’s own risks within the same scope.
TRiM Standard Forceps:
- Creation of the 3rd Party Inventory in Scope
- Defining Risk Scoring Platform
- Continuous Monitoring of Risk Scores
- Registration of Risk Actions and Development on the Platform
- Regular Tracking on the Platform
- Guidance and Consultancy for Improvement Actions
Forcerta TRiM Professional :
- (In addition to the entire standard package)
- Detailed Risk and Maturity Analysis, Reporting and Tracking
Forcerta TRiM Enhanced:
- (In addition to the entire Professional package)
- Internal Processes and Reporting Support with Outsourcing
Optional TRiM Services:
- 3rd Party Penetration Testing and Vulnerability Scanning
- 3rd Party Security Awareness and Phishing Exercises
- 3rd Party Threat Intelligence Tracking
- Increasing the Effectiveness of 3rd Party Security Solutions
Transformation in 3rd Party Risk Management Program
If you want to reveal your company’s current 3rd party risks and perform sectorally comparative 3rd party risk management that can be monitored continuously and in real time, contact us immediately .
We are at your service with our end-to-end 3rd party risk management service in accordance with legal regulations.
If you would like to get more detailed information about our Forcerta TRiM Service, please fill out the form below.