Resilience Using Third Party Risk Management

By Joe Anderson, CPCU, ARM AFSB, CBRA

Principal & Fractional Chief Risk Officer

Excellent article in Risk Management Magazine by Ryan Patrick, at HITRUST on how to properly vet 3rd-party cyber vendors. At Fortify Risk Management, LLC, we help you build organizational resiliency in the non-cyber-related areas of your company, like Natural Disasters, Supply Chain Employee Injuries, etc.

Here are some 3rd-party vendor risk management takeaways:

1) Risk Map Major Threats their Maximum Impacts.

2) Expand Risk Assessments - from "online security" grades to resiliency.

3) Strengthen Internal Contingency Planning.

4) Build an Internal, Cross-Departmental Response Team.

We can help you run simulations and test your team's ability to respond under pressure in a 3rd-party (non-cyber) disaster.

At Fortify Risk Management, LLC, we bring in fractional Chief Risk Officers (CROs) who have past experience managing risk and safety with companies like Fluor Corporation, Boise Cascade Company, Carnival Corporation, The Walt Disney Company, Idaho Power, and Sunkist Growers, to name a few. They take their 30+ years (on average) of corporate risk management experience and help you and your teams become more resilient and agile in the marketplace.

The Goal: Not just survive disasters -- but THRIVE in them! And take advantage of the marketplace opportunities disasters bring. Find out more about how our interactive approach is "Adventurizing Risk" and making risk management trainings fun!

Source: https://www.rmmagazine.com/articles/article/2025/08/22/building-operational-resilience-in-third-party-risk-management