Program Evaluation
How strong is your third-party risk management program? How do you compare with others in your industry? Are you meeting industry best practices regarding vendor management? A third-party risk management program evaluation by SecureCrest helps you answer these questions, and gives you a clear and achievable plan to remediate gaps.
Our process is comprehensive in trying to fully understand the capabilities of the third-party risk management program. Our process is as follows;
Components from the vendor risk management framework are used in the discovery process.
Discovery tasks include;
-
Information gathering
-
Surveys & Questionnaires
-
Review of documentation, policies & procedures, strategic plans, and other background materials
-
Interview with staff, management and stakeholders
SecureCrest consultants will analyze the information and consider changes needed to conform to best practices
Analysis tasks include;
-
Review of information gathered during discovery
-
Identify strengths and weaknesses in the current program
-
Evaluate the gap between the current program and desired state
A report is generated highlighting the risks in the current program, and an action plan for making improvement.
Findings/Recommendations Include;
-
Gap Analysis/ Report card
-
Recommendation
-
Action plan
-
Road map for mitigation to the desired future state.