// THREAT DETECTION AND DATA PRIVACY TERM
Third Party
A third party is any external company, vendor, or contractor that an organization does business with and that may be granted access to its sensitive data or systems. Managing these relationships is a critical part of cybersecurity because a vulnerability in a third party can become a threat to the organization.
TECHNICAL DEFINITION
In cybersecurity and compliance, a third party is an external entity, such as a vendor, supplier, or service provider, that interacts with an organization's data, systems, or networks, creating potential security vulnerabilities. This relationship is the focus of Third-Party Risk Management (TPRM) programs, which assess and mitigate risks within the supply chain to ensure compliance with regulations like GDPR, CCPA, and standards such as ISO 27001.
BACKGROUND
The Cybersecurity Maturity Model Certification (CMMC) is an assessment framework and assessor certification program designed for a variety of standards published by the National Institute of Standards and Technology.
SYNONYMS & ALIASES
- vendor
- supplier
- contractor
- service provider
- business partner
- supply chain partner
- outsourcer
USAGE NOTE
This term is foundational to Third-Party Risk Management (TPRM) programs, which are now a mandatory component of most corporate security strategies.
DEVELOPERS
Organizations developing technology related to Third Party.
Develops a security ratings platform that continuously analyzes and rates companies' cybersecurity performance from an external perspective, specifically to help organizations manage third-party vendor risk.
Provides a platform that offers security ratings to score and monitor organizations and their business partners. Their technology is used for third-party risk management (TPRM), board reporting, and cyber insurance underwriting.
Offers a third-party risk and attack surface management platform. Their technology helps businesses prevent data breaches by monitoring their vendors' security posture and automating risk assessments and questionnaires.
A company specializing in third-party risk management. They provide a unified platform for assessing, managing, and continuously monitoring risks from vendors and suppliers throughout the relationship lifecycle.
A Mastercard company that provides a platform for managing third-party cyber risk. Their technology continuously discovers an organization's internet-facing assets and assesses their security to provide objective risk ratings.
Develops a platform focused on automating third-party security management. It combines external attack surface assessments with automated security questionnaires to provide a comprehensive view of vendor risk.
While a broad GRC and privacy platform, its OneTrust Vendorpedia is a leading technology for Third-Party Risk Management. It automates the entire vendor lifecycle, from onboarding and due diligence to risk mitigation and offboarding.
Develops security technology for the software supply chain, a critical component of third-party risk. Their platform finds and fixes vulnerabilities in open-source code, containers, and infrastructure as code, which are often third-party components.