Here’s a good overview article from the RSA Blog about third-party risk:
To ensure effective oversight of third-party risk, it is essential that an organization’s top executives are fully aware of and involved in third-party management. Although aimed primarily at financial institutions, the updated guidance from the Office of the Comptroller of the Currency, published in 2013, applies to all organizations that engage in third-party relationships. Calling for organizations to adopt robust risk assessment and monitoring for all third-party relationships, it urges companies to ensure that boards and directors receive adequate reporting on third-party relationships and that those relationships are fully integrated into enterprise risk management and compliance frameworks.
Further, it is crucial that a wide range of roles and business units throughout the organization are given responsibilities for third-party management. However, this must be done in an integrated fashion, rather than using the siloed approach that currently exists in many businesses.