When we think about third party risks, we often think of the design firm that has access to the latest product concepts, or the payroll function that handles everyones salary, maybe even the accountancy firm preparing the latest reports.

But it's rare to think of the  vendors entrusted to minimise risk, to be a source of risk. 

Like the Watchmen, the question is who watches the watchers?