This group agreed that when you are the customer in a relationship with a third-party vendor or supplier, you do have the power to influence how secure those third parties are, so don’t underestimate your handle on the situation. One of the first options in ensuring your suppliers are secure is conducting an assessment of their systems and processes—and making this an absolute standard for all of your relationships with third parties, and that you continue to routinely assess them throughout your working relationship. This group also discussed what many organizations are lacking in their third party security and assessment. For example, there are SOC and SOC 2 reporting, but a new SOC 2 Plus can also help further reinforce third party security—however, it’s so new, few know of it. All in all, the group agreed that third-party security is a difficult area to address and maintain. Unless teams have completely unrestrained resources, this will always prove difficult, but teams must remain diligent and do the best they can to keep themselves secure when working alongside third parties.