Hertz has recently announced that the company is grappling with a data breach that stemmed from a vendor, Cleo Communications US, LLC. This breach, involving a file transfer platform used by Hertz, further demonstrates the vulnerabilities that third-party vendors can introduce to an organization’s data security.
In the increasingly interconnected world of modern business, organizations rely more than ever on third-party relationships. While these partnerships offer significant opportunities for growth and innovation, they also expose businesses to a range of risks that can threaten resilience and success. As geopolitical tensions and economic uncertainties continue to rise, it is essential for companies to reassess and strengthen their third-party governance, risk management, and compliance strategies. This article expands on the insights from my previous piece, Navigating the Storm: Strengthening Third-Party Governance and Risk Management in Your Extended Enterprise, offering a deeper look into how businesses can build robust, proactive frameworks to navigate these challenges and ensure sustained success across their extended enterprise.
The Institute of Internal Auditors (IIA) recently released a Public Consultation Draft for its Third-Party Topical Requirement. At first glance, it may seem like a technical set of guidelines, but the stakes are high. As businesses increasingly rely on third-party relationships—whether with vendors, contractors, consultants, or others—internal auditors face growing challenges in managing these complex connections. The IIA’s draft aims to offer a more standardized, comprehensive approach to assessing and managing the risks tied to external partnerships. For organizations that regularly engage with third parties, the draft provides a clear framework designed to ensure that no critical risks go unnoticed.
The European Supervisory Authorities (ESAs)— namely the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) — have weighed in on the European Commission’s recent changes to the regulatory framework surrounding subcontracting under the Digital Operational Resilience Act (DORA). And in short, they’re on board.
The European Supervisory Authorities (ESAs) are paving the way for a stronger oversight framework. Their latest initiative is a clear and deliberate step towards tackling third-party risk, particularly concerning critical ICT service providers, under the EU’s Digital Operational Resilience Act (DORA).
As the global risk landscape continues to shift, businesses must face the reality of whether the traditional approaches to supply chain risk is no longer enough. In its 2025 Supply Chain ESG Risk Outlook, LRQA doesn’t just confirm what we already know about risks—it reveals deeper, sometimes uncomfortable truths that businesses can no longer afford to ignore. This isn’t just another report filled with jargon, it’s a wake-up call that calls for reflection, action, and a recalibration of how we view supply chain resilience in a rapidly changing world.
The U.S. Department of Labor (DOL) has secured an agreement with JBS USA Food Co., the nation’s largest meat packing processor. The company, which operates across numerous U.S. facilities, has committed to a $4 million fund aimed at assisting individuals and communities impacted by child labor practices. This agreement follows a series of DOL investigations that uncovered unlawful child labor at JBS’s facilities.