Here are some commonly used terms and acronyms in the context of GRC.
Third Party: A third party is a formal business or government entity, or even an individual that is not under direct administrative control of an organization.
Risk: As defined by ISO, Risk is the effect of uncertainty on objectives, and an effect is it positive or negative deviation from what is expected. Simply speaking, Risk is an impedance to achieving business objectives.
Example: Loss of Business Reputation.
Business Associates: Though this term is more commonly used in the healthcare sector, concept of business associates (BA) denotes a fully autonomous or semi-autonomous business entity that engages in business transactions with an organization. From a TPRM perspective, a BA is considered a third party.
Third Party Risk Management (TPRM): Management of risks emanating from a third party to an organization, or introduced to a third party by an organization. In a holistic view, third party risks can be bi-directional.
Assessment: Benchmarking and/or measurement of a person or entity as compared to applicable baseline standards and thresholds of risk tolerance.
About the Author:
Faisal Ansari is a senior executive, a keynote speaker, and most importantly, an experienced practitioner in the domains of Information Privacy, Enterprise Risk, Cybersecurity, and Compliance. Having served global clients across a wide spectrum of industries, Mr. Ansari has also contributed to authorship of several international standards and frameworks from ISO, ISACA, and NIST.
Your Thoughts and Comments:
Author of this Trusted Insight would love to hear from you, and welcomes your feedback, comments, and suggestions to improve this article for the greater good of the business community. You can reach the author at email@example.com.
Thanks for visiting this Trusted Insight. Check out our other articles on this topic, as well as relevant service offering pages displayed on the right side of this article for more information on how we can be a catalyst to the success of your business initiatives.