Select Page

Vendor Risk Management Maturity Model


The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices. This “benchmark” tool helps organizations plan programs and set goals.

  • VRMMM Tools

    The Vendor Risk Management Maturity Model (VRMMM) evaluates third party risk programs against a set of best practices and industry benchmarks.

  • How the VRMMM Works

    Broken into eight categories, the model explores more than 200 program elements that should form the basis of a well-run third party risk management program. A VRMMM will help Third Party Risk Programs:

  • Adapt a program structure by type of outsources services and maturity level based on industry, organization size and risk tolerance.
  • Make informed decisions for resource allocation and vendor-related risk.
  • Establish a baseline against which to benchmark program maturity.
  • Use program governance as a foundational element for other risk program criteria.
  • Identify components that will deliver the highest organizational value.
  • Track program maturity over time to determine and communicate progress, and identify areas for improvement.
  • Membership

    Want access to all the Shared Assessment Program tools, thought leadership and a network of members?

    Find out about Membership or for general inquiries, email

    Membership Info

This site uses cookies

Please note that on our website we use cookies necessary for the functioning of our website, cookies that optimize the performance. To learn more about our cookies, how we use them and their benefits, please read our Cookie Policy and Privacy Policy.