Select Page

Vendor Risk Management Maturity Model


The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices. This “benchmark” tool helps organizations plan programs and set goals.

  • VRMMM Tools

    The Vendor Risk Management Maturity Model (VRMMM) evaluates third party risk programs against a set of best practices and industry benchmarks.

  • How the VRMMM Works

    Broken into eight categories, the model explores more than 200 program elements that should form the basis of a well-run third party risk management program. A VRMMM will help Third Party Risk Programs:

  • Adapt a program structure by type of outsources services and maturity level based on industry, organization size and risk tolerance.
  • Make informed decisions for resource allocation and vendor-related risk.
  • Establish a baseline against which to benchmark program maturity.
  • Use program governance as a foundational element for other risk program criteria.
  • Identify components that will deliver the highest organizational value.
  • Track program maturity over time to determine and communicate progress, and identify areas for improvement.
  • Membership

    Want access to all the Shared Assessment Program tools, thought leadership and a network of members?

    Find out about Membership or for general inquiries, email

    Membership Info