96 Extremely Powerful Third Party Management Questions You Do Not Know

What is involved in Third Party Management

Find out what the related areas are that Third Party Management connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in a sense that it is not per-se designed to give answers, but to engage the reader and lay out a Third Party Management thinking-frame.

How far is your company on its Third Party Management journey?

Take this short survey to gauge your organization’s progress toward Third Party Management leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Start the Checklist

Below you will find a quick checklist designed to help you think about which Third Party Management related domains to cover and 96 essential critical questions to check off in that domain.

The following domains are covered:

Third Party Management, Third-party management, Contract manufacturer, Corporate social responsibility, Corruption Perceptions Index, Financial Conduct Authority, Firewall, Foreign Corrupt Practices Act, Governance, risk management, and compliance, Information security, Office of the Comptroller of the Currency, Performance measurement, Reseller, Software as a service, Supplier Risk Management, Target Corporation, Value chain, Vendor:

Third Party Management Critical Criteria:

Scan Third Party Management issues and interpret which customers can’t participate in Third Party Management because they lack skills.

– What new services of functionality will be implemented next with Third Party Management ?

– Are accountability and ownership for Third Party Management clearly defined?

– How can the value of Third Party Management be defined?

Third-party management Critical Criteria:

Experiment with Third-party management issues and correct better engagement with Third-party management results.

– Who will be responsible for deciding whether Third Party Management goes ahead or not after the initial investigations?

– What are the short and long-term Third Party Management goals?

– How to Secure Third Party Management?

Contract manufacturer Critical Criteria:

Huddle over Contract manufacturer tactics and report on setting up Contract manufacturer without losing ground.

– What is the purpose of Third Party Management in relation to the mission?

– How do we go about Comparing Third Party Management approaches/solutions?

– Do we all define Third Party Management in the same way?

Corporate social responsibility Critical Criteria:

Cut a stake in Corporate social responsibility engagements and oversee Corporate social responsibility management by competencies.

– What is the different in meaning if any between the terms Sustainability and Corporate Social Responsibility?

– What if your company publishes an environmental or corporate social responsibility report?

– Are assumptions made in Third Party Management stated explicitly?

– Does Third Party Management appropriately measure and monitor risk?

Corruption Perceptions Index Critical Criteria:

Merge Corruption Perceptions Index management and look at it backwards.

– Who are the people involved in developing and implementing Third Party Management?

– What business benefits will Third Party Management goals deliver if achieved?

Financial Conduct Authority Critical Criteria:

Have a meeting on Financial Conduct Authority failures and find answers.

– Is there a Third Party Management Communication plan covering who needs to get what information when?

– How do we measure improved Third Party Management service perception, and satisfaction?

– What sources do you use to gather information for a Third Party Management study?

Firewall Critical Criteria:

Experiment with Firewall risks and triple focus on important concepts of Firewall relationship management.

– If the firewall runs on an individual host for which all users are not trusted system administrators, how vulnerable is it to tampering by a user logged into the operating system running on the protected hosts?

– Are all router, switches, wireless access points, and firewall configurations secured and do they conform to documented security standards?

– Is payment card account information stored in a database located on the internal network (not the dmz) and protected by a firewall?

– Does each mobile computer with direct connectivity to the internet have a personal firewall and anti-virus software installed?

– Are the firewall, router, wireless access points, and authentication server logs regularly reviewed for unauthorized traffic?

– Are web servers located on a publicly reachable network segment separated from the internal network by a firewall (dmz)?

– Is the firewall configured to translate (hide) internal ip addresses, using network address translation (nat)?

– Is a firewall used to protect the network and limit traffic to that which is required to conduct business?

– How do we make it meaningful in connecting Third Party Management with what users do day-to-day?

– Does the providers firewall control IPv6 access, or protect against both IPv4 and IPv6 attacks?

– How does the firewall quality affect the likelihood of a security breach or the expected loss?

– How vulnerable is the firewall to attacks via the network against the firewall itself?

– Who will be responsible for documenting the Third Party Management requirements in detail?

– How do we maintaining integrity between communication ports and firewalls?

– Do changes to the firewall need authorization and are the changes logged?

– How do we Identify specific Third Party Management investment and emerging trends?

– Can the firewall support hot-standby/failover/clustering?

– Is there router and firewall encryption?

– How many Firewalls do you have?

Foreign Corrupt Practices Act Critical Criteria:

Ventilate your thoughts about Foreign Corrupt Practices Act tasks and use obstacles to break out of ruts.

– What management system can we use to leverage the Third Party Management experience, ideas, and concerns of the people closest to the work to be done?

– Is Third Party Management Required?

Governance, risk management, and compliance Critical Criteria:

Devise Governance, risk management, and compliance results and balance specific methods for improving Governance, risk management, and compliance results.

– What are your most important goals for the strategic Third Party Management objectives?

– How can skill-level changes improve Third Party Management?

Information security Critical Criteria:

Brainstorm over Information security tasks and describe the risks of Information security sustainability.

– Does the information security function actively engage with other critical functions, such as it, Human Resources, legal, and the privacy officer, to develop and enforce compliance with information security and privacy policies and practices?

– Has the organization established an enterprise-wide business continuity/disaster recovery program that is consistent with requirements, policy, and applicable guidelines?

– Does the ISMS policy provide a framework for setting objectives and establishes an overall sense of direction and principles for action with regard to information security?

– Are we requesting exemption from or modification to established information security policies or standards?

– Have standards for information security across all entities been established or codified into law?

– Have standards for information security across all entities been established or codified into regulations?

– Does your organization have a chief information security officer (ciso or equivalent title)?

– Is there a consistent and effective approach applied to the mgmt of information security events?

– Is information security ensured when using mobile computing and tele-working facilities?

– Think of your Third Party Management project. what are the main functions?

– Ensure that the information security procedures support the business requirements?

– Is an organizational information security policy established?

– : Return of Information Security Investment, Are you spending enough?

– Are damage assessment and disaster recovery plans in place?

– Is information security an it function within the company?

– What is the main driver for information security expenditure?

– Conform to the identified information security requirements?

Office of the Comptroller of the Currency Critical Criteria:

Think about Office of the Comptroller of the Currency governance and adjust implementation of Office of the Comptroller of the Currency.

– What role does communication play in the success or failure of a Third Party Management project?

– Which individuals, teams or departments will be involved in Third Party Management?

– How is the value delivered by Third Party Management being measured?

Performance measurement Critical Criteria:

Align Performance measurement projects and spearhead techniques for implementing Performance measurement.

– Constantly communicate the new direction to staff. HR must rapidly readjust organizational charts, job descriptions, workflow processes, salary levels, performance measurement, etc. Why?

– Performance measurement system design: Should process based approaches be adopted?

– Can Management personnel recognize the monetary benefit of Third Party Management?

– Who will provide the final approval of Third Party Management deliverables?

– The performance measurement revolution: why now and what next?

Reseller Critical Criteria:

Meet over Reseller outcomes and be persistent.

– What prevents me from making the changes I know will make me a more effective Third Party Management leader?

– What threat is Third Party Management addressing?

Software as a service Critical Criteria:

Generalize Software as a service outcomes and research ways can we become the Software as a service company that would put us out of business.

– Why are Service Level Agreements a dying breed in the software as a service industry?

– What are current Third Party Management Paradigms?

Supplier Risk Management Critical Criteria:

Dissect Supplier Risk Management strategies and find answers.

– What are your results for key measures or indicators of the accomplishment of your Third Party Management strategy and action plans, including building and strengthening core competencies?

– Which customers cant participate in our Third Party Management domain because they lack skills, wealth, or convenient access to existing solutions?

– How do we Lead with Third Party Management in Mind?

Target Corporation Critical Criteria:

Read up on Target Corporation issues and innovate what needs to be done with Target Corporation.

– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a Third Party Management process. ask yourself: are the records needed as inputs to the Third Party Management process available?

Value chain Critical Criteria:

Discourse Value chain results and transcribe Value chain as tomorrows backbone for success.

– How can we incorporate support to ensure safe and effective use of Third Party Management into the services that we provide?

– What are the success criteria that will indicate that Third Party Management objectives have been met and the benefits delivered?

Vendor Critical Criteria:

Jump start Vendor tactics and intervene in Vendor processes and leadership.

– Do we Make sure to ask about our vendors customer satisfaction rating and references in our particular industry. If the vendor does not know its own rating, it may be a red flag that youre dealing with a company that does not put Customer Service at the forefront. How would a company know what to improve if it had no idea what areas customers felt were lacking?

– How many training hours are included within the standard support and maintenance agreement and how is that training delivered (e.g., at the vendors location, onsite at the customers location, via the web)?

– Data availability: Can the cloud vendor move all their clients data onto a different environment should the existing environment become compromised or unavailable?

– What are the existing or planned mechanisms to assess the interoperability of different vendor implementations?

– Does your bi software work well with both centralized and decentralized data architectures and vendors?

– Are the contracts with vendors current, and does it include and appropriate Service Level Agreements?

– In terms of service availability, can you get your vendor to sign a service-level agreement?

– Require agendas and other materials in advance of Preferred Vendor meetings and reviews?

– What additional training resources are available from the vendor and at what cost?

– Do you see areas in your domain or across domains where vendor lock-in is a potential risk?

– Do you want the vendor selected to deliver the tools to develop wbt?

– Can the vendor create custom virus definitions for the organization?

– Do vendors have an associated security guide for their products?

– Have Score Cards and SLA s with your Critical Preferred Vendors?

– Are Cybersecurity criteria used for vendor and device selection?

– What is the depth of the vendors domain expertise?

– Who are the data loss prevention vendors?

– What is the vendors partner ecosystem?

– Rate your Preferred Vendors?


This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Third Party Management Self Assessment:


Author: Gerard Blokdijk

CEO at The Art of Service | http://theartofservice.com



Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

Third Party Management External links:

Welcome to TRACE’s Third Party Management System (TPMS)

Bell Partners, Inc. | Third Party Management

Contract manufacturer External links:

Home – Tufco – Wet Wipes Contract Manufacturer

Corporate social responsibility External links:

Corporate Social Responsibility | The Aerospace …

Corporate Social Responsibility – SourceWatch

Corruption Perceptions Index External links:

How Africa Fares In The Corruption Perceptions Index 2016

corruption perceptions index (CPI) – Britannica.com

Financial Conduct Authority External links:

Financial Conduct Authority to review current accounts

Financial Conduct Authority – Financial Services Register

UK Financial Conduct Authority Publishes Near-Final …

Firewall External links:

Appraisal Firewall

Turn Windows Firewall on or off – support.microsoft.com

Managed Firewall Support Site – Home

Foreign Corrupt Practices Act External links:


Governance, risk management, and compliance External links:

Career Path – Governance, Risk Management, and Compliance …

Information security External links:

ALTA – Information Security


Federal Information Security Management Act – CSRC

Performance measurement External links:

Performance Measurement
http://Performance measurement is the process of collecting, analyzing and/or reporting information regarding the performance of an individual, group, organization, system or component.

[PDF]OJP Performance Measurement Platform Log-In …

Performance Measurement Dashboard | City of Tampa

Reseller External links:

TTI Floor Care Authorized Reseller Registration Portal > …

Bobrick Washroom Accessories | Authorized Bobrick Reseller

What is reseller? – Definition from WhatIs.com

Software as a service External links:

What is Software as a Service (SaaS) – Salesforce.com

Enterprise Gamification Software as a Service Platform

DENTAWEB Software as a service

Supplier Risk Management External links:

[PDF]Supplier Risk Management Through Standard …

Target Corporation External links:

Target Corporation Common Stock (TGT) Historical …

Target Corporation – TGT – Stock Price Today – Zacks

Value chain External links:

Welcome to TATA Motors Value Chain Management

Comparing Value Chain and Supply Chain | QStock …

U.S. Global Value Chain Coalition

Vendor External links:

Mercury Network Vendor Management Platform | Mercury Network

VENDORS | Corporate Settlement Solutions | Title …

Home – Vendor Portal