
Third-Party Risk Management should be a focus of yours in 2023 if you’re working in Procurement or Legal. Let’s face it, we’re going to have a year filled with risks emanating from destabilised globalisation, data privacy laws, increasing regulation, failures in the supply chain and cyber breaches to name but a few.

What we need to figure out is how we stop these risk events from happening.

So here are five Third-Party Risk Management Trends for 2023 I’d be thinking about.

1. You need to understand Data Protection and track your data role

Gartner notes that "by the end of 2023, modern privacy laws will cover the personal information of 75% of the world's population". GDPR was the first of many waves of new data privacy legislation.

Your organisation is responsible for personal data categories such as employee data. It will also have responsibilities regarding personal data that vendors can access.

For example, if you onboard a new HR system that requires you to collect your employees' personal information, your vendor is likely to be a processor. If so, you need to have the correct Standard Contractual Clauses in place within your Data Processing Agreement to govern this.

The General Data Protection Regulation (GDPR) defines several data roles, such as Controller, Processor and Data Subject, and organisations must comply with the obligations attached to the role they hold.

You need to understand the data role of your vendors and your organisation. You can use the custom data capability within Gatekeeper to create data protection insights to track your role (e.g. are you a data controller or a data processor?) and that of your vendors.

[Image: Custom Data within Gatekeeper. Caption: Define custom data for your vendors within Gatekeeper]

The fines are no longer a slap on the wrist but a hammer blow to your organisation.

The GDPR provides for two types of fines: administrative and corrective. Administrative fines are the more common type of fine.

You will receive an Administrative fine for less severe violations of the GDPR. A less severe fine is a maximum of €10 million, or up to 2% of the organisation's global annual revenue, whichever is greater.

Corrective fines are more severe than Administrative fines, and you'll receive this type of fine for violations of the GDPR that pose a higher risk to the rights and freedoms of individuals.

The severe fines are a maximum of €20 million, or up to 4% of the organisation's global annual revenue, whichever is greater.

Safeguarding your data privacy compliance across your vendor base has never been more critical.

2. Increased focus on Sustainability and environmental, social, and governance (ESG) factors

As companies continue to prioritise sustainability and responsible business practices, they are likely to place greater emphasis on evaluating the ESG performance of their vendors. In the risk assessment process, ESG performance could include factors such as a vendor's carbon footprint, labour practices and human rights record.

Within Gatekeeper, you can use forms in the vendor onboarding process to ask specific ESG-related questions. Your vendor can access these questions through the vendor portal to provide responses that the Procurement Team and the wider business can review.

ESG and Sustainability-focused teams are emerging. It's rare to see a Sustainability Team in organisations today, but perhaps not in the next year or two. Procurement will likely have some ownership, but this direction will likely come from the Senior Leadership Team and become embedded throughout the entire organisation.

3. Greater use of technology and automation in vendor risk management

As the volume and complexity of vendor relationships continue to grow, companies are likely to turn to technology and automation. Using dedicated software will improve the efficiency and effectiveness of their vendor risk management processes.

Your business may choose technology that includes:

  • Artificial intelligence
  • Machine learning
  • Data analytics in automated risk assessments
  • Continuous monitoring of vendor performance, such as their credit scores.

[Image: Market IQ from Gatekeeper. Caption: See your vendor's cyber and financial health with risk intelligence feeds]

Third-Party Risk Management software, like Market IQ, can provide several benefits over a manual approach to third-party risk management, including:

  • A. Improved efficiency: Third-party risk management software can automate many tedious and time-consuming tasks. This includes issuing communications to your vendor when a risk event emerges from a continuous monitoring feed that analyses your vendors against thousands of data points to determine their financial and cyber health.

    If your vendor suffers a drop in its cyber or financial health overnight, automation will alert you to the issue. The move to software can free up time and resources for more strategic tasks and help ensure that risks are identified and addressed promptly.

  • B. Increased accuracy: Third-party risk management software can help to reduce the risk of errors and omissions. By automating the risk assessment process and providing standardised templates and tools, this software can help to ensure that risks are consistently and accurately identified and evaluated.

  • C. Enhanced collaboration: Third-party risk management software often includes tools for collaboration and communication, such as secure messaging and document sharing. This software can improve communication and coordination between different teams and departments, ensuring that all stakeholders are involved in the risk management process.

  • D. Improved reporting: Third-party risk management software can generate comprehensive reports that depict an organisation's third-party risks. These reports can be used to demonstrate compliance, identify trends and patterns, and inform decision-making. I'm particularly fond of the Credit and Cyber scores that I can see on-screen whenever I view one of my vendors.

4. Increased emphasis on resilience and continuity planning

As businesses continue to face uncertainty and disruption from various economic, geopolitical, and environmental sources, they are likely to emphasise the resilience and continuity of their third-party relationships.

To create resilience, you could diversify vendors, conduct scenario planning, and implement contingency plans to mitigate disruption risks.

Holding the Disaster Recovery and Business Continuity Plans of your most strategic and important vendors (identified through your vendor segmentation activities) could be the difference here.

These documents allow you to carry out a disaster recovery exercise involving those vendors. Such tests ensure you have the best processes in place to bounce back from any issues should they arise in the real world.

Store business continuity plans centrally in Gatekeeper

5. Vendor Cyber Health will be top of mind

Conducting regular vendor risk assessments is essential to protect your business from the risks associated with vendor cyber health. You'll want to implement robust vendor management processes across your organisation, and you could also provide vendor cyber security training.

By taking these steps, you can protect your business from cyber threats and position yourself for success.

Through Gatekeeper, you can have confidence that your vendor's cyber health is monitored through Market IQ: Cyber. We can provide you with a Cyber score that indicates the health of your vendor and allows you to make informed business decisions.

Once that is populated, you can get a health score and continuously monitor your vendor's cyber health. If it drops, Gatekeeper will start a risk mitigation process by notifying those who need to know, such as your Software Procurement Manager and InfoSec Team. You can then review and monitor the change until you're satisfied that the issue has been closed.

Wrap Up

These trends will likely be driven by a combination of factors, including changes in the business environment, technological advances, regulations and evolving stakeholder expectations.

By staying up to date on these trends and adapting their third-party risk management practices accordingly, companies can ensure that they are well positioned to manage the risks associated with their vendor relationships and maintain the resilience and sustainability of their business.

Unlock the power of third-party risk management in 2023 with Gatekeeper.

Book a demo of our innovative Contract and Vendor Lifecycle Management platform now and see how it can transform your business.

Daniel Barnes

Daniel Barnes is a seasoned Procurement and Contract Management Leader, with a Masters in Commercial Law from the University of Southampton. He’s on a mission to transition the sector from manual, spreadsheet-driven processes to efficient, automated operations. Daniel hosts the Procurement Reimagined Podcast, exploring innovative strategies to modernise procurement and contract management, striving for a more streamlined and value-driven industry.
