“Trust, but Verify” Model of Third-Party Risk Management

“Trust, but Verify” Model of Third-Party Risk Management

Nov 8, 2018

The “Trust, but Verify” model has become the gold standard process in third party assessments. The “Trust” component of the model is typically facilitated through a query instrument (e.g., a questionnaire), a means by which the outsourcer can obtain the third party’s statement about its control environment, at a detailed level if desired. The “Verify” component of the model has two primary parts which are interrelated: 1) Initial Onsite/Virtual Assessments; and 2) Ongoing Monitoring. Ongoing Monitoring, in turn, has two component parts: a) Periodic Ongoing Monitoring; and b) Continuous Monitoring.

Sub Topics