Third-party risk management

Third-party risk, also known as vendor or supplier risk, refers to the potential threats and vulnerabilities that arise from relying on external entities to provide goods, services, or support, particularly where the entity is supporting a critical service. For organisations, managing these risks is crucial as they can impact operational efficiency, regulatory compliance, and overall business reputation if something goes wrong. Effective third-party risk management involves assessing, monitoring, and mitigating risks associated with suppliers to ensure business continuity and to protect the interests of the organisation. ...

1 min

Third-Party Risk Management in the Age of AI - Rethinking Trust and Accountability

Companies are rapidly integrating AI into their operations, from customer service chatbots to advanced analytics tools. And if organisations are using AI, then so are their third party vendors, the companies processing data on their behalf. Do we know how our vendors are using our data, and how will we manage that risk? AI and Third-Party Risk: What’s at Stake? AI amplifies third-party risk in several ways: Data Leakage: Information entered into AI tools could be stored, reused, or exposed. Are your inputs contributing to a model that may resurface these comments elsewhere? Opaque Data Practices: What AI systems are your third parties using? Are they using in-house proprietary models? How clear are you on data usage, retention, and any onward sharing? Model Vulnerabilities: If an AI model is compromised, its outputs could become inaccurate or biased, damaging trust and operations. What obligations do you have, and how do you manage this risk? Supply Chain Risks: Many AI solutions will rely on a network of sub-processors, expanding the risk landscape. Do you know where your data ends up? The Key Questions to Ask Yourself and Your Vendors To manage third-party risk effectively in the AI era, you need to ask the right questions: ...

4 min

Threat intelligence

Threat intelligence refers to the process of gathering, analysing, and interpreting information about potential or current threats to an organisation’s digital assets. Organisations typically conduct threat intelligence through various departmental functions, including: a Security Operations Centre (SOC) which will monitors and respond to security incidents an Incident Response Team who will handle and mitigate security breaches a Threat Intelligence Team who will collect and analyse threat data to provide actionable insights. Additionally, organisations often collaborate with external parties such as Threat Intelligence Providers who can offer specialised threat data and analysis through economies of scale with multiple customers, and specialised Security Consultants who can will provide expertise and support in threat intelligence and incident response. ...

1 min

Three main branches of machine learning

The three main branches of machine learning are: Supervised Unsupervised Reinforcement learning Further reading Related pages Grokking Deep Reinforcement Learning, by Miguel Morales

1 min

Toyota Production System (TPS)

The Toyota Production System (TPS) is a methodology developed by Toyota that focuses on eliminating waste and improving efficiency. It is based on principles such as Just-In-Time production and Jidoka, which emphasises quality and continuous improvement. Further reading Toyota Production System - Toyota Toyota Production System - Wikipedia Toyota Production System - Toyota Europe Related pages Nemawashi

1 min