Understanding how third party risk impacts operational resilience and aligning to regulatory requirements