The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices. This “benchmark” tool helps organizations plan programs and set goals.
The Vendor Risk Management Maturity Model (VRMMM) is a holistic tool for evaluating maturity of third party risk programs including cybersecurity, IT, privacy, data security and business resiliency controls. The VRMMM, together with the Vendor Risk Management Benchmark Study, allows an organization to develop a strategy before building a program, or identify where and how to set goals to make programs more robust.
How the VRMMM Works
Broken into eight categories, the model explores more than 200 program elements that should form the basis of a well-run third party risk management program.