One exciting area I have been digging into is the mixing of risk management and application portfolio development. As we see greater and greater abstraction of services (software eating world), we also have an ever increasing dependency on a multitude of developers, service providers, start-ups, legacy tech companies, and many other institutions.
If you are in application development and list of the pipeline deployment technology and all of the interacting systems, you’ll easily list out 30+. Each of these have the potential of impacting your business, your customer experience, and ultimately your viability as a product.
I found this third party risk management point of view to be insightful (full transparency, I work for this firm), and recommend a review from the application perspective. It is dated, but insightful. I particularly like the risk stratification highlights on page 7 that include:
- Volume of transactions
- Concentration associated with service
- Sensitivity risk of the data vendor has access
- Compliance & regulatory risks
- Customer & financial impact
- Location of vendor (privacy impacts)
- Previous data or security breaches
- Extent of outsourcing performed
- Performance history