CRISC - Risk Response and Reporting - Section 3.4
Manage third-party and supply chain risk across the vendor lifecycle, including fourth-party dependencies.
Manage third-party and supply chain risk across the full vendor lifecycle - from due diligence and contracting through ongoing monitoring to offboarding. Extend this analysis to fourth-party risk by identifying critical sub-processors whose failure could cascade into the organisation despite no direct contractual relationship.
Third-party riskSupply chain riskFourth-party riskVendor management
More in this domain
Back to all Risk Response and Reporting objectives, or the CRISC cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.