Half-full or half-empty: third-party risk management in life sciences and medical devices

Life sciences and medical device companies increasingly rely on third parties for almost every phase of their businesses. But companies put themselves at risk if their suppliers don’t adequately manage their own regulatory and operational vulnerabilities. By improving their coordination with suppliers, companies can mitigate overall risk while reducing the cost of protecting their businesses.

At a glance

• Companies increasingly turn to external vendors to do everything from making travel arrangements to conducting clinical trials.  
• But they could fall short of their business objectives if they fail to manage third-party risk.
• Although many companies have stepped up their reviews of suppliers, there are still gaps between their own risk management practices and those of their vendors.
• To close those gaps, companies need to better understand the risks they face, recruit and retain high-caliber risk and compliance professionals, continuously monitor changes in their business, and proactively manage their IT infrastructure.
• As far as possible, risk-assessment methodologies should be consistent across the organization, and management should track their effectiveness.