The Role of Automation in Third-Party Risk ManagementVodacom Group's Darshan Lakha Shares His Views on Managing Supply Chain Risks
The vast range of questionnaires used in the current third-party assessment process make the process ineffective because the questionnaires typically do not give the context required for specific organizations with unique needs, according to Darshan Lakha, head of cybersecurity at Vodacom Group.
"The third-party frameworks lack in terms of reporting and detail. The nature of the reports is sometimes not accurate, and they don’t provide the necessary measure of security itself. It sometimes is wasting a resource and time," Lakha said.
Lakha said most questionnaires do not give insight into the business context and nature of resilience.
He said automation works very well around "prioritization of controls and receipt of evidences associated through those particular controls and he advocated "leveraging those data points through data analytics to make sense of high-risk areas of suppliers that you have," he said.
In this video interview with Information Security Media Group, Lakha discussed:
- Current challenges around third-party risk management;
- The role of automation;
- Collaboration opportunities to improve third-party risk management.
Lakha has more than 20 years of experience in the field of cybersecurity and information technology. His experience includes designing and implementing secure network solutions, overseeing internal and external audits, and applying threat intelligence to protect organizations from evolving threats.