Maintaining a strong security posture is more important than ever, and that includes addressing all aspects of organizational cybersecurity from both the bottom-down and top-up, including your vendors and their impact on environmental, social, and governance (ESG) management. Successful third-party attacks have increased rapidly over the last year, exposing new vulnerabilities for bad actors to exploit in the process. Perfect examples of this are the recent SolarWinds attack, increased ransomware incidents, and the Pipeline Attack. These instances called out Vendor Risk Management (VRM) as a key focus area for organizations, and brought to light the impact that the vendor ecosystem has across the organization. The emphasis that attacks have placed on VRM has also showcased the importance of considering vendors as an equal part of a company’s supply chain, meaning that the impact that vendors have on environmental and social considerations is akin to the impact that they have on security. Here we explore the relationship between holistic ESG considerations and VRM starting with one role: the Chief Sustainability Officer (CSO).
Explore the importance of vendor risk management: The Ultimate Guide to Vendor Risk Management
The CSO & Vendor Risk Management
Chief Sustainability Officers (CSOs) have a specific risk domain that they care about: sustainability and ESG management, both of which cannot be achieved without properly assessing your vendors, making them a critical component of any sustainability program. With the emergence of ESG and sustainable corporate regulations, more organizations need to perform the right due diligence to report on the sustainability of their vendors and third parties. CSOs should consider this risk and prioritize their supplier and vendor risk management program as it relates to environmental and social governance.
CSO Challenges & Considerations
When aiming to establish a relationship of trust with internal and external stakeholders, it’s important to understand the role that the CSO plays and the impact that your vendors have on environmental, social, and governance principles like climate change and diversity & inclusion. This makes VRM a key component for CSOs to consider.
Understanding the vendors that you work with and how you work with them is critical to any ESG program, but as the space continues to evolve and new regulations are being rapidly considered, it can be difficult to understand where your own organization needs to comply with ESG, let alone where your vendors needs to. CSOs need visibility into their vendor inventory so they can consider:
- The impact global supply chains have on companies’ carbon footprint
- The emergence of sustainability laws and standards for companies (EU Sustainable Finance Action Plan & German Due Diligence Act)
- The pressure from consumers and investors/shareholders for companies to commit to sustainability practices/net zero (important point on the investors, look into Blackrock and what they are requiring)
- The lack of standards in reporting between clients, vendors, and suppliers between vendors on ESG practices
- The new frontier of benchmarking and gathering ESG-related data
Dive deeper into ESG Management: The Ultimate Guide to ESG Management
Solutions & Best Practices
Environmental sustainability doesn’t happen overnight. It takes a lot of planning, preparation, implementation, and a comprehensive understanding of globally scaled problems in the face of today and tomorrow’s markets. As enterprises continue to realize the impact of day-to-day business practice on the broader community, the criticality of vendor risk management to broader ESG initiatives will continue to be highlighted. To set your organization up for success, it’s important to ensure that CSOs:
- Understand their vendors and associated risks clearly
- Have visibility into the vendor assessment process
- Measure key risk indicators (KRIs) and key performance indicators (KPIs) with vendors in mind
- Stand-up a VRM program that can scale as they grown and as requirements change
- Are confident in the way that the vendors they work with align to regulatory requirements and the organization’s overall ESG goals.
- Implement contingency plans in the event that a vendor is unable to deliver on the necessary sustainability requirements
How Can OneTrust Help?
The OneTrust platform leverages expertise in Vendor Risk Management, Privacy, GRC, and many other categories to deliver a comprehensive ESG management experience. We enable you to gain visibility into all aspects of your organization’s security structure by building your VRM program from the ground up, giving you insight into your vendor inventory, vendor lifecycle management, and risk assessments.
Specifically, OneTrust Vendorpedia provides a global community where you can access risk analytics and control gap reports on thousands of vendors via their third-party risk exchange, enabling proactive preparedness internally and externally. Request a demo today.
