The 2016 Vendor Risk Management Benchmark Study Released


The Shared Assessments Program and Protiviti Examine the Maturity of Vendor Risk Management

Despite clear progress in program maturity reported in this year’s Vendor Risk Management Benchmark Study, none of the eight risk management categories approached a level of 4.0 on a 5.0-point scale, the level at which programs are fully implemented and all compliance measures are in place. Four categories scored 3.0 or higher and none exceeded 3.1. Organizations at a level of 3.0 have vendor management components that are fully defined, approved and established, but not all processes are fully operational. The study used the categories from the Shared Assessments Vendor Risk Management Maturity Model (VRMMM), a holistic tool for evaluating the maturity of third party risk programs, including cybersecurity, IT, privacy, data security and business resiliency controls. The eight vendor risk categories are: Program Governance; Policies, Standards and Procedures; Contracts; Vendor Risk Identification and Analysis; Skills and Expertise; Communication and Information Sharing; Tools, Measurement and Analysis; and Monitoring and Review.

In terms of tone at the top, this study demonstrated that while many boards (39%) have a high level of engagement in and understanding of cyber risks within their own organization, significantly fewer (26%) understand and are engaged in reducing cyber risks in vendors that directly support their organizations.

The 2017 Shared Assessments Vendor Risk Management Maturity Model (VRMMM)

The VRMMM is a holistic tool for evaluating maturity of third party risk programs including cybersecurity, IT, privacy, data security and business resiliency controls. The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices.

The 2017 VRMMM is free to both members and non-members.


Thank You to Shared Assessments Member Protiviti

Special thanks to Protiviti for their support of this research and their leadership and dedication to developing best practices for managing third party risk.

To obtain a copy of this report, please complete the form below. The Survey will be sent upon receipt of submission to the email address provided.
