3rd Party Risk Management , COVID-19 , Governance & Risk Management

Managing Third-Party Risks During COVID-19 Crisis

Panel of Experts Addresses Vendor Management Challenges
L-R: Amit Dhawan from Birlasoft, Nirupam Srivastava from The Hero Corp and Yask Sharma from a major oil and gas company

Third-party risk management is a bigger challenge than ever during the COVID-19 crisis because so many organizations are relying on vendors for essential services, such as managing audits and taking care of on premises security, according to a panel of security experts.

See Also: 2021: A Cybersecurity Odyssey

Nirupam Srivastava, vice president of strategy, AI and digital transformation at Hero Corp, an auto manufacturing company, says his organization is in touch with vendors to check if they are meeting their compliance requirements.

"We are working with them closely to see what systems and what compliances they follow," he says during a video panel discussion with Information Security Media Group. "Only when they meet our compliance requirements do we take forward our engagement with them."

Some practitioners are tweaking their service-level agreements to suit the current scenario. Amit Dhawan, CISO and DPO at Birlasoft, an IT software company, notes. "We have been approached by one of our vendors who was working on desktops before the lockdown to allow them to use their personal laptops, he says. "In our SLAs [service level agreements] now, it has been mentioned that the vendor needs to put in place certain controls, like a good EDR [endpoint detection and response] which gives us visibility."

In working with vendors to enhance security, imposing a framework doesn't always work, says Yask Sharma, CISO at a large oil and gas company in India.

"A cloud service provider would never give complete control of where their data is. ... So therefore when you try to impose a framework and say a vendor has to meet all requirements, it would not really work," Sharma says. "It sounds nice to have a framework, but whether can we apply this to the vendors is the bigger question."

In this video panel discussion, the participants also discuss:

  • The new risks they are anticipating from vendors;
  • Whether technology can help mitigate vendor risks;
  • Why it is important to redefine SLAs with vendors.

Srivastava is vice president for strategy, AI and digital transformation at Hero Corp. Previously, he was director for strategy and M&A for India and South Asia at LexisNexis.

Dhawan is CISO and DPO at Birlasoft. He has more than 20 years of experience in the IT and information security domain. Before Birlasoft, Dhawan served in leadership roles in eAvighna - an infosec training and consulting startup - and JP Morgan and American Express.

As CISO, Sharma is responsible for the maintenance of cybersecurity operations, infrastructure, and governance at a national critical infrastructure organization. He has more than two decades of experience.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Suparna Goswami is Associate Editor at ISMG Asia and has more than 10 years of experience in the field of journalism. She has covered a variety of beats ranging from global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine, and leading Indian newspapers like DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.