A federated third party risk management structure incorporates: a common vendor data base (a single source of third party related organizational truth); and one cross-organization standard for risk identification, risk management (including escalation) and risk reporting. At the same time, federated structures assign specific responsibilities (which may vary from one organization to another) to the individual business units (first line of defense) that actually own outsourcing risks.
