Secure Controls Framework
Download The SCF
SCRM/C-SCRM

What is fourth-party risk?

Direct Answer

Fourth-party risk is the risk arising from a vendor's vendors - the third parties that your direct suppliers rely on. If your cloud provider relies on a specific infrastructure vendor, a failure or compromise of that infrastructure vendor creates risk to you even without a direct relationship. Managing fourth-party risk requires asking suppliers about their significant sub-processors and assessing concentration risk across the supplier network.

Keep Exploring

Relevant Resources

References

Authoritative Sources