Having a strong third-party risk management (TPRM) program ensures that you are fully aware of the risks posed by your vendors and suppliers. With this knowledge, you can proactively work with these third parties in a productive manner to resolve those risks. We can help you develop a program that has senior leadership support and that brings the relevant business units, such as legal, information security and procurement, to the table.
We use industry-standard methodologies to develop a third-party risk management program that is comprehensive and scalable to meet client demands. As part of program development, we begin with program governance, which includes defining program objectives and goals and establishing management oversight of the third-party risk management program. We then put together the policies, procedures and standards for the program. These policies, procedures and standards cover every step of the vendor life cycle, including due diligence, contracting, risk assessment and termination.
A major component of our program development is the vendor risk assessment process. We begin by classifying and tiering each vendor based on its inherent risk rating (the risk the relationship carries before any of the vendor's controls are taken into account) of High, Moderate or Low. From this classification we determine the frequency and scope of the information security assessment, so that higher-risk vendors are assessed more often and in more depth. Lastly, we put together the infrastructure for the third-party risk management program, which includes communication, information sharing, workflow management and monitoring.