Third-Party & Supply Chain

Hertz Reports Data Breach Associated with Vendor Cleo Communications

Hertz has recently announced that the company is grappling with a data breach that stemmed from a vendor, Cleo Communications US, LLC. This breach, involving a file transfer platform used by Hertz, further demonstrates the vulnerabilities that third-party vendors can introduce to an organization’s data security.

Strengthening Third-Party Risk Management and Governance Across the Extended Enterprise

In the increasingly interconnected world of modern business, organizations rely more than ever on third-party relationships. While these partnerships offer significant opportunities for growth and innovation, they also expose businesses to a range of risks that can threaten resilience and success. As geopolitical tensions and economic uncertainties continue to rise, it is essential for companies to reassess and strengthen their third-party governance, risk management, and compliance strategies. This article expands on the insights from my previous piece, Navigating the Storm: Strengthening Third-Party Governance and Risk Management in Your Extended Enterprise, offering a deeper look into how businesses can build robust, proactive frameworks to navigate these challenges and ensure sustained success across their extended enterprise.

Industry Experts Challenge IIA’s Third-Party Requirements Draft: Advocating for Flexibility & Risk-Based Approaches

The Institute of Internal Auditors (IIA) recently released a Public Consultation Draft for its Third-Party Topical Requirement. At first glance, it may seem like a technical set of guidelines, but the stakes are high. As businesses increasingly rely on third-party relationships—whether with vendors, contractors, consultants, or others—internal auditors face growing challenges in managing these complex connections. The IIA’s draft aims to offer a more standardized, comprehensive approach to assessing and managing the risks tied to external partnerships. For organizations that regularly engage with third parties, the draft provides a clear framework designed to ensure that no critical risks go unnoticed.

EU Supervisory Authorities Give Nod to Commission’s Revisions on Subcontracting Standards Under DORA

The European Supervisory Authorities (ESAs), namely the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA), have weighed in on the European Commission’s recent changes to the regulatory framework surrounding subcontracting under the Digital Operational Resilience Act (DORA). And in short, they’re on board.

The ESAs Take the Next Step in Overseeing Critical Third-Party Service Providers Under DORA

The European Supervisory Authorities (ESAs) are paving the way for a stronger oversight framework. Their latest initiative is a clear and deliberate step towards tackling third-party risk, particularly concerning critical ICT service providers, under the EU’s Digital Operational Resilience Act (DORA).

LRQA 2025 Supply Chain ESG Risk Outlook Reveals Hidden Vulnerabilities in Global Sourcing

As the global risk landscape continues to shift, businesses must face the reality that the traditional approaches to supply chain risk are no longer enough. In its 2025 Supply Chain ESG Risk Outlook, LRQA doesn’t just confirm what we already know about risks—it reveals deeper, sometimes uncomfortable truths that businesses can no longer afford to ignore. This isn’t just another report filled with jargon; it’s a wake-up call that calls for reflection, action, and a recalibration of how we view supply chain resilience in a rapidly changing world.

U.S. Department of Labor Reaches Agreement with JBS USA to Address Child Labor Compliance in Meat Packing Industry

The U.S. Department of Labor (DOL) has secured an agreement with JBS USA Food Co., the nation’s largest meat packing processor. The company, which operates across numerous U.S. facilities, has committed to a $4 million fund aimed at assisting individuals and communities impacted by child labor practices. This agreement follows a series of DOL investigations that uncovered unlawful child labor at JBS’s facilities.