2017 Vendor Risk Management Maturity Model (VRMMM)
The Vendor Risk Management Maturity Model (VRMMM) is a holistic tool for evaluating the maturity of third party risk programs, including cybersecurity, IT, privacy, data security and business resiliency controls. The VRMMM gives third party risk managers a tool they can use to evaluate their program against a comprehensive set of best practices. Because the VRMMM identifies specific areas for improvement, this Program Tool allows companies to make well-informed decisions that drive efficient resource allocation and use, and helps them manage vendor-related risks effectively. Using governance as the foundational element, the model identifies the framework elements critical to a successful program. High-level categories are broken down into components in a manner that makes the model adaptable across a wide spectrum of industry groups.
Enhancements to the 2017 VRMMM include:
- Modifications to Maturity Level definitions and improved guidance that simplify and clarify Maturity ranking.
- Addition of an Accountability Tab to assist organizations in assigning responsibility for completion of sections of the VRMMM, allowing users to identify the resources responsible by risk area category.
The 2017 VRMMM includes the 2017 VRMMM and the VRMMM Overview.
Become a Shared Assessments Program Member
Shared Assessments members are national and international organizations of all sizes that understand the importance of comprehensive standards for managing third party risk. They include financial institutions, healthcare organizations, energy/utility, retailers and telecommunications companies.
They are service providers of all sizes, consulting companies, and assessment firms. They are the best in their class, members of a global community of vendor risk management professionals who understand the value of implementing efficient and effective industry-standard practices.
- Free access to the Shared Assessments Program Tools.
- Work on one of the Program’s Standing Committees (SIG, AUP or VRMMM) to continue to refine the Program’s Tools. Member input is what keeps the Shared Assessments Program Tools on the leading edge of third party risk assurance issues.
- Participate in Special Projects and Interest Groups. Join your peers to identify, discuss and address the issues you (and your management) feel are top priorities for resolution.
- Participants in Shared Assessments committees, projects and special interest groups earn CPE credits while demonstrating risk management and compliance leadership.
- Join the monthly Member Forum and other special interest calls. Listen to key industry and regulatory thought leaders presenting on the latest developments in vendor risk management and regulatory compliance.
- Access to third party risk management training and education, white papers, project documents, and case studies.
- Discounts on registration for Shared Assessments events and educational workshops.
Reminder: If you have already purchased the Shared Assessments Tools, you can become a Shared Assessments Program member and reduce your annual dues by the total amount of your purchase, provided you join within 6 months of your Program Tool purchase.