Third-Party Risk Register

Nov 18, 2019

An inventory, set up and used throughout the vendor lifecycle, in which an organization identifies all the risks involved in outsourcing a specific service or activity, providing in sum a record of all the risks associated with all third parties across the organization. Each risk is graded by likelihood of occurrence and seriousness of impact, and the register records the initial plans for mitigating each known high-level risk, the potential costs, the assignment of responsibilities for the prescribed mitigation strategies, and the subsequent results. The register usually includes: a unique identifier for each risk; a description of each risk and how it will affect the service and the organization; an assessment of the likelihood that the risk will occur and the possible seriousness or impact if it does occur (low, medium, high); a grading of each risk according to a risk assessment table; who is responsible for managing the risk; an outline of proposed mitigation actions (preventative and contingency); and, in larger projects, the cost of each mitigation strategy. This register should be maintained throughout the vendor lifecycle and will change regularly as existing risks are re-graded in the light of the effectiveness of the mitigation strategy and as new risks are identified.
