Program Evaluation

How strong is your third-party risk management program? How do you compare with others in your industry? Are you meeting industry best practices regarding vendor management? A third-party risk management program evaluation by SecureCrest helps you answer these questions, and gives you a clear and achievable plan to remediate gaps. 

Our process is comprehensive in trying to fully understand the capabilities of the third-party risk management program. Our process is as follows; 

Discovery

Components from the vendor risk management framework are used in the discovery process. 

Discovery tasks include; 

  • Information gathering

  • Surveys & Questionnaires

  • Review of documentation, policies & procedures, strategic plans, and other background materials

  • Interview with staff, management and stakeholders 

Analysis

SecureCrest consultants will analyze the information and consider changes needed to conform to best practices 

Analysis tasks include; 

  • Review of information gathered during discovery 

  • Identify strengths and weaknesses in the current program

  • Evaluate the gap between the current program and desired state 

Findings & Recommendations

A report is generated highlighting the risks in the current program, and an action plan for making improvement.

 

 

Findings/Recommendations Include;

 

  • Gap Analysis/ Report card 

  • Recommendation 

  • Action plan 

  • Road map for mitigation to the desired future state.