Continuous Monitoring

Third-Party Risk Management:

Frequently Asked Questions

What is continuous monitoring?

Within third-party risk management (TPRM), continuous monitoring is the proactive review of third-party relationship information, metrics, and data for significant changes in relevant areas that would impact the ability of a third party to meet its contractual obligations to the organization. Examples include continuous monitoring of social and news media, cybersecurity health, key risk indicators, or financial information.

Why is continuous monitoring important for TPRM?

While periodic assessments can ensure peace of mind, major security issues (such as an IT data breach) can occur between assessments without your knowledge. Due to the changing nature of risk, it is necessary to continuously monitor vendor relationships and performance. This need has only increased with the COVID pandemic, as supply chains and safety protocols have been disrupted for many organizations.

Continuous or ongoing monitoring is also expected by regulators.

Continuous monitoring supports a TPRM program by providing real-time data on a third party’s activities and indicators of whether a security incident or similar risk is developing. This monitoring, in tandem with regularly scheduled risk assessments, helps to evolve companies’ TPRM programs from reactive to proactive and allows companies to strategically mitigate or avoid losses altogether. Risks that can be covered by a continuous monitoring program include:

  • Data and network security
  • Compliance requirements, such as anti-bribery and anti-corruption (ABAC)
  • Irresponsible sourcing
  • Financial health
  • Reputation risks (negative news)
  • Supply chain hazards

How can Aravo assist in implementing a continuous monitoring program?

Aravo’s TPRM software and applications allow for continuous monitoring of all third-party activities and relationships. Ongoing management and continuous monitoring are supported by automated scheduling of periodic reviews (according to the criteria that make sense to the business: criticality, risk tier, performance, etc.), change triggers (e.g. change of ownership), and triggers from risk intelligence content (e.g. an integration with SecurityScorecard or BitSight can trigger review/issue management and remediation if one or more of the vendor’s grades or scores deteriorates below a specified threshold). This process allows for prompt reaction and remediation.

Features of Aravo’s continuous monitoring capabilities include:

  • Ongoing monitoring of third parties against both risk and performance metrics
  • Automated review cycles and built-in triggers for escalation, issue management, and remediation should risk or performance scores trend outside acceptable limits
  • Integration with third-party intelligence content from Refinitiv, Dow Jones, RapidRatings, SecurityScorecard, BitSight, and others, to continuously monitor against key risk domain intelligence and provide further data points that trigger real-time review and remediation activity
