TPSIRR – Third Party Service Inherent Risk Rating

Understand the inherent amount and types of risk posed by prospective third-party engagements.

$1,500 / 1 Year
Corporate License
Members: For member pricing ($1,000 / 1 Year), please contact Membership.

Inherent Risk

Inherent Risk is the natural level of risk that is part of any process or activity — given an existing understanding of how the service is being orchestrated and some detail of the components of its delivery. Inherent risk rating should take place prior to the evaluation of controls.

Third-Party Service Inherent Risk Rating

Our TPSIRR solution provides a consistent technique for practitioners and other risk stakeholders to identify third-party risks inherent in the services being provided to them. The product then scores these risks in an organization-controllable way and recommends a scoped SIG Questionnaire or extended assessment. The TPSIRR allows practitioners to:

  • Determine third-party Inherent Risk Ratings (IRR) across vendor portfolios
  • Discern areas of focus (including controls) for risk-based due diligence
  • Report on the types of third-party risks introduced to an organization by third-party vendors

Key Functionalities

  • Vendor Risk Scoring in accordance with an organization’s customizable risk classifications
  • Quick-Glance Assessments using RAG reporting for levels of risk (Red=High, Amber=Moderate, Green=Low)
  • Due-diligence scoping and frequency planning including identification of the appropriate SIG Questionnaire (Lite, Core, Full)
  • Risk Tiering derived from inherent risk ratings
  • Dashboard tracking on Inherent Risk Ratings (IRR) completed across vendor portfolios

    TPSIRR Areas Of Impact

    The TPSIRR “Areas of Impact” and the SIG Questionnaire risk domains they encompass:

    TPSIRR Areas Of Impact | Included SIG Risk Domain(s)
    Operational Resilience | Operational Resilience, Compliance Management
    Artificial Intelligence/Machine Learning & Financial Model Risk | Compliance Management
    Use of Technology Providers | Cloud Hosting
    Cyber Security and Information Protection/Technology | Access Control, Application Security
    Subcontractors/Fourth and Nth Parties | Nth-Party Management
    Network Connectivity/API Integration Security | Nth Party Management, Network Security
    Geo-Location Factors | Compliance Management

    Learn about the SIG Risk Domains.