The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices. This “benchmark” tool helps organizations plan programs and set goals.
-
VRMMM Tools
The Vendor Risk Management Maturity Model (VRMMM) evaluates third party risk programs against a set of best practices and industry benchmarks.
-
How the VRMMM Works
Broken into eight categories, the model explores more than 200 program elements that should form the basis of a well-run third party risk management program. A VRMMM will help Third Party Risk Programs:
- Adapt a program structure by type of outsources services and maturity level based on industry, organization size and risk tolerance.
- Make informed decisions for resource allocation and vendor-related risk.
- Establish a baseline against which to benchmark program maturity.
- Use program governance as a foundational element for other risk program criteria.
- Identify components that will deliver the highest organizational value.
- Track program maturity over time to determine and communicate progress, and identify areas for improvement.
-
Membership
Want access to all the Shared Assessment Program tools, thought leadership and a network of members?
Find out about Membership or for general inquiries, email erica@santa-fe-group.com.