Introduction to Fourth-Party Risk:
Fourth parties are the vendors that are being used by your own vendors. Understanding this layer of risk is crucial for mitigating the impact of potential data breaches or cyber attacks that could originate from one of your vendors' vendors.
Navigating the "By Vendor" View:
The Fourth Parties dashboard provides a clear overview of these relationships. In the "By Vendor" tab, the information is organized around each fourth-party vendor.
4th Party Vendor: This column lists the vendors being used by your primary vendors (e.g., Amazon, DSALTA, Google).
Score: Similar to the main Vendor Risk dashboard, each fourth-party vendor receives a security score, providing an at-a-glance view of their security posture.
Products: This column shows the number of products or services provided by that fourth-party vendor that are being used by your vendors.
Vendors: This column indicates how many of your primary vendors are utilizing this specific fourth-party vendor. Clicking on the icon or number may reveal a list of these vendors.
Taking Action:
Use the security scores to identify high-risk fourth-party vendors.
The "Products" and "Vendors" columns can help you understand the scale of your exposure to a particular fourth-party vendor.
Utilize the search bar and filters to quickly find specific fourth-party vendors or to narrow down the list based on specific criteria.
Introduction to "By Product" View:
The "By Product" tab on the Fourth Parties dashboard shifts the focus from the vendor to the specific products or services they offer. This view is invaluable for understanding your exposure based on the technologies and services your vendors are using.
Key Columns in the "By Product" View:
Product: This column lists the specific products or services (e.g., "Cloudflare Load Balancer," "Cloudflare CDN") that your vendors are using.
4th Party Vendor: This shows the vendor that provides the product listed.
Score: The security score associated with the fourth-party vendor that provides the product.
Category: This provides additional context about the product's function (e.g., "Hosting Provider," "CDN," "Nameservers").
Vendors: This column indicates how many of your primary vendors are using this particular product.
How to Use This View Effectively:
Identify Critical Products: Quickly see which fourth-party products are widely used by your vendors and may represent a larger risk surface.
Evaluate Product Security: The security score gives you an indication of the provider's security posture, which is critical for evaluating the risk of the product itself.
Generate Report: Use the Generate Report button to create a detailed report on your fourth-party risk, which can be useful for internal discussions or compliance audits.
Accessing the Export Feature
From the Fourth Parties dashboard, click the Export or Generate Report button (depending on your view).
An "Export Fourth Parties" dialog box will appear.
Selecting Report Format and Sections:
Format: Choose the desired file format for your report from the dropdown menu. Currently, you can export your data as a .PDF file.
Report Sections: You can customize your report to include specific details by selecting the following options:
Product for each fourth party: This option includes a list of products associated with each fourth-party vendor in the report.
Vendors using each fourth party: This option lists the primary vendors that are utilizing each fourth-party vendor.
Generating the Report:
Once you have selected your format and the desired report sections, click the Export button.
The platform will generate the report based on your selections, and your download will begin shortly. This report can be a valuable tool for internal reviews, compliance audits, or sharing with stakeholders to demonstrate your risk management efforts.
