What Is Third Party Risk Management?

Third party risk management (TPRM), also called vendor risk management (VRM), is the practice of evaluating and then mitigating the risks introduced by vendors (suppliers, third parties, or business partners), both before establishing a business relationship and during the business partnership.

Why is third party risk management important?

Third party risk management is essential because unaddressed third party risks potentially expose an organization to cybersecurity threats, supply chain disruption, and data breaches resulting in reputational damage. Increasingly, regulations require organizations to use risk management to protect against the threats introduced by third parties.

Who is considered a third party?

A third party, typically referred to as a vendor, is a business or company with whom you have an agreement to provide a good/product or service on behalf of your organization. Third parties are the businesses you outsource to or subcontract with. Your organization relies on their products and services in manufacturing, to maintain operations, and/or to deliver your end product or service.

What is an example of a third party?

Third parties in your organization include any vendor you outsource to or with and any vendor essential to the manufacturing or delivery of your product/service. Examples of third parties might be your:

  • Internet provider
  • Attorney
  • Software provider
  • Payroll provider

What is a vendor risk management program?

A vendor risk management program, also called a third party risk management program, is the set of people and processes organized to identify and mitigate the risks introduced to your organization by vendors.

What is a third party risk assessment?

A third party risk assessment is a due diligence review of a vendor to provide an understanding of their practices. It is a process that can assess potential third party risk and identify vulnerabilities.

What are the common types of third party risks?

A vendor risk management program or a third party risk management program is designed to protect against operational risk, reputational risk, financial risk and compliance risk.

Third Party Risk Management Tools for Risk Management Professionals

Shared Assessments’ thought leaders develop best-practice-based resources, including tools that are:

  • Member-driven
  • Industry-standard
  • Consistent, robust and cost-effective

Our tools help organizations better manage third party risk, using controls for cybersecurity, IT, privacy, data security and business resiliency. Program Tools are kept current with industry need, regulations and the threat environment.