Third-Party Risk Management Product Release 2025

In the coming weeks, Shared Assessments will release its 2025 Third-Party Risk Management (TPRM) Product Suite – and resilience is the word!

Artificial Intelligence (AI) has arrived and accelerated. 63% of organizations with more than $50 million in annual revenue characterize the implementation of AI as a high priority, yet 91% of these organizations do not feel prepared to do so in a responsible manner, a recent McKinsey survey shows.

Supply chains have spun out into complex webs of layered tiers. 43% percent of organizations have limited to no visibility of tier one supplier performance, a recent KPMG study brings forward.

Amid this spiraling complexity and technological advancement, resilience is the only antidote to risk. Regulators and standards agencies worldwide seem to agree; recently released frameworks including the Digital Operational Resilience Act (DORA), the Network and Information Systems Directive 2 (NIS2), and NIST Cybersecurity Framework (CSF) Version 2.0 all share a common goal of enhancing cybersecurity and operational resilience.

Our 2025 TPRM Product Suite has integrated these exceptional evolutions and nascent frameworks to offer a fine-tuned solution for every step of the TPRM Lifecycle:

“Our 2025 Product Release elevates user experience through improved usability within our solutions. We’ve remained true to our previously established risk domains while giving priority to our member and subscriber suggestions. Staying current with regulations and guidance, our 2025 TPRM Product Suite gives practitioners the ability to turn risk into readiness and resilience.”

Kelcey Reed, SVP, Technology and Products

Third Party Risk Management Product Suite Introduction

In a rapidly evolving regulatory and risk environment, Shared Assessments’ products incorporate industry standards and the collective intelligence of our diverse member base to keep third-party risk management programs current. From evaluating the maturity of your own risk management program to assessing your vendors, our products support you in managing vendor risk effectively and efficiently.

Our 2025 Product Suite is comprised of the Vendor Risk Management Maturity Model (VRMMM), Third-Party Service Inherent Risk Rating (TPSIRR), Standardized Information Gathering Questionnaire (SIG), Standardized Control Assessment Procedure (SCA), Data Governance Products, and Environmental Social and Governance Standardized Information Gathering Questionnaire (ESG SIG).

Vendor Risk Management Maturity Model (VRMMM)

The VRMMM gives you a blueprint for maturing your program TPRM program by benchmarking against best practices. Our recently released Interagency Guidance (IAG) Gap Analysis maps to questions in the VRMMM. As you identify new requirements and self-assess your organization’s compliance with the IAG Guidance, make a roadmap for maturing your risk management program with the combination of tools.

Learn more about the VRMMM here. 

Third-Party Service Inherent Risk Rating (TPSIRR)

The TPSIRR prepares you for due diligence by determining your vendors’ Inherent Risk Rating (IRR). We’ve added Custom Data Classification definitions and examples and introduced greater clarity, better weighting, more customizability and actionability to the forthcoming 2025 TPSIRR.

Learn more about the TPSIRR here. 

Standardized Information Gathering Questionnaire (SIG)

The SIG assesses and analyzes vendor risk efficiently and demonstrates your organization’s risk posture through an industry-standard questionnaire. This 2025 release brings DORA, NIS2, and NIST 2.0 regulatory mappings to the SIG to ensure cybersecurity readiness and resilience across your vendor network.

Learn more about the SIG here. 

Standardized Control Assessment Procedures (SCA)

The SCA verifies vendor compliance through validation of third-party controls. The 2025 SCA includes DORA, NIS2, and NIST 2.0 control attributes. 

Learn more about SCA here. 

Data Governance Products

The Data Governance Products address specific data protection obligations through management of vendor data inventories and due diligence tracking.

Learn more about our Data Governance Products here. 

Environmental Social and Governance Standardized Information Gathering Questionnaire (ESG SIG)

ESG SIG streamlines regulatory compliance through focused assessments of vendor ESG Risk.

Learn more about our ESG SIG here. 

Product Release 2025 Launch Events

Throughout the fall, we will be hosting sessions to highlight new features and functionality in this release. Join us for some or all of our upcoming Product Release 2025 events!

Demo: Move On Up: Overview Of The 2025 TPRM Product Suite October 31, 2024 | 11:00am-11:30am ET Register

Demo: Rise Above Risk: The 2025 SIG November 7, 2024 | 11:00am – 11:30am ET Register

Member Forum Call: Product Release 2025 Review  November 12, 2024 | 11:00am-12:00pm ET Register

Demo: A Roadmap For Maturity: The 2025 VRMMM November 13, 2024 | 11:00am – 11:30am ET Register

International Live Demo: Product Release 2025 November 20, 2024 | 10:00am-11:00am GMT +1/SST Register

Demo: The Due Diligence Dance: Determine Inherent Risk First November 21, 2024 | 11:00am – 11:30am ET Register

TPRM Trifecta: TPSIRR -> SIG -> SCA December 5, 2024 | 11:00am – 11:30am ET Register