What do outages, Capital One Banking, and TPRM (Third Party Risk Management) all have in common? The answer is simple: no matter the business (Capital One, in this case) or the cause (an unexpected outage), someone will be held accountable—and that someone could very well be you. Third-party risk is an inevitable part of business today, especially with the vast range of vendors involved. How you approach TPRM and the proactive steps you take can significantly mitigate the damage caused by third-party failures, as well as protect your company’s reputation.
The Outage
This past January, Capital One experienced a multi-day outage that disrupted services for thousands of customers, creating a nightmare scenario for the bank. Customers found themselves locked out of their accounts, unable to access online banking, and faced delays with direct deposits and payments. The cause was traced to a technical issue with a third-party vendor, Fidelity Information Systems (FIS). As banks increasingly depend on third-party technology providers, they inevitably face higher operational risks. After a few days, Capital One reported that services were restored, but the impact had already been felt. Notably, Capital One wasn’t alone—several other banks using FIS also faced similar disruptions. FIS later attributed the outage to a "local area power loss and hardware failure."
Who Gets the Blame?
In the aftermath of such disruptions, the question of responsibility arises: who is to blame? The answer varies depending on whom you ask. FIS cites power loss and hardware failure, while the banks hold FIS accountable. However, customers ultimately look to their bank for answers. They don’t see or understand the third-party relationship; all they know is that their bank failed them. The key takeaway here is that, regardless of who is at fault, what truly matters is how the issue is managed and addressed.
Communication
During this time, customers were eager for updates on when services would be restored and expected clear communication throughout the process. The timing, occurring mid-month, made the disruption even more challenging, as many people rely on timely access to their paychecks and transfers to cover essentials like food, rent, and utilities. Any failure in transparency or communication can significantly damage the company’s reputation. As a result, Capital One is now facing a class-action lawsuit from customers who were unable to access their funds for an extended period. The initial public statement lacked details about the scope of the issue or a timeline for resolution. It wasn’t until hours later that Capital One sent a more reassuring email, offering an updated expectation for when services would return to normal. This incident underscores the importance of not only proactively managing third-party risks but also handling crises effectively and maintaining clear communication when things go wrong.
Steps to Avoid Mishaps
While breaches and disruptions are inevitable, the risks associated with third-party vendors can be mitigated through diligent management. Business leaders can take several proactive steps to minimize the impact of these issues.
Reassess Contracts:
A significant outage is a reminder for business leaders to review third-party contracts.
Key questions to ask include:
- What service level agreements (SLAs) are in place?
- What uptime guarantees does the vendor provide?
- Are there clear provisions in place for handling disruptions or failures?
Conduct Ongoing Evaluations:
The security and continuity of your business depend on the practices of your third-party vendors. To mitigate risk, work through the following:
- What actions is the vendor taking to protect their operations and, by extension, yours?
- Classify your vendors based on how critical they are to your business.
- The greater the potential disruption caused by a vendor outage, the more vital it is to evaluate their reliability and resilience regularly.
Evaluate Vendor Scalability:
As businesses grow, it's essential for leaders to assess whether their third-party vendors can scale with them. Ensure that each vendor is capable of supporting the business as it evolves and expands.
Conclusion
While no plan can be 100% foolproof, the proactive steps you take today can prevent significant issues in the future. By carefully vetting your vendors and reviewing fail-safes, you can turn third-party partnerships into a source of strength rather than a vulnerability. At Skyriver IT, we’re here to help you create a robust plan of action to ensure your data and business are secure, regardless of any incident. Contact us today to learn more!