Third party risk is synonymous with vendor risk and supply chain risk. A “third party” is a business associate, contractor, subcontractor, vendor, service provider, business partner…an organization who has access to your sensitive data or your corporate network, or provides IT infrastructure to you.
Third party risk includes the access of PII or PHI by an unauthorized party; theft or loss of information in the possession of a third party; and failure to stop the transmission of malware or other malicious content.