A VRMMM Helps Third Party Risk Programs
- Adapt a program structure by type of outsourcer services and maturity level based on industry, organization size and risk tolerance.
- Make informed decisions for resource allocation and vendor-related risk.
- Establish a baseline against which to benchmark program maturity.
- Use program governance as a foundational element for other risk program criteria.
- Identify components that will deliver the highest organizational value.
- Track program maturity over time to determine and communicate progress, and identify areas for improvement.
How Our Third Party Risk Maturity Model Works
The VRMMM breaks third party risk down into eight categories and explores more than 200 program elements that should form the basis of a well-run third party risk management program.
Measurements
Optimizing Vendor Risk Management Programs
8.0 Monitor & Review
Contract Provision Tracking & Maintenance; Monitoring Service Level Agreements and Performance; Potential Changes to Internal & External Environments; Self-Assessment/Audit Readiness & Assurance; Controls Validation &/or Testing; Continuous Monitoring Program.
7.0 Tools, Measurements & Analysis:
Workflow Management; Vendor Risk Scoring Tools; Vendor Financial Analysis; Vendor Business Risk; Tool Automation.
Operations
Implementing Vendor Risk Management Programs
6.0 Communications & Information Sharing:
Vendor Risk Program Integration; Dashboards/Scorecards; Operational Management Reporting; Board & Executive Reporting; Communication Protocols.
5.0 Skills & Expertise:
Roles & Responsibilities; Staffing Levels & Competencies; Training & Awareness; Budget & Resources; Certifications.
4.0 Vendor Risk Assessment Process:
Outsourcing Risk Assessment Process; Vendor Assessment and Classification; Vendor Assessment Operational Processes; Vendor Assessment Metrics Reporting; Ongoing Vendor Risk Assessments; Process Automation.
Foundation
Building Vendor Risk Management Programs
3.0 Contracts:
Vendor Contract Management Operational Procedures; Criteria/Guidelines for Standard Contract Provisions; Relationship Management; Management Oversight.
2.0 Policies, Standards, Procedures:
Vendor Risk Management Policy; Vendor Inventory Requirements; Vendor Due Diligence Standards; Vendor Classification Operational Procedures; Contract Management Governance; Vendor Management Procedures; Vendor Termination or Exit Procedures.
1.0 Program Governance:
Formalized Vendor Risk Governance Model/Structure; Defined Program Objectives/Goals; Established Risk Posture; Board Reporting/Management Oversight; Standards of Conduct.
The VRMMM is Used by 3,000+ Organizations to Benchmark and Evaluate TPRM Programs
Vendor Risk Management Tools
Our vendor risk management tools empower you to manage the full vendor assessment life cycle.
VRMMM
Vendor Risk Management Maturity Model
Benchmark and evaluate third party risk programs
- VRMMM Tool
- Vendor Risk Management
- Benchmark Study
- VRMMM Executive Summary
- VRMMM Executive Summary Template
- VRMMM Getting Started Guide
Free to Download
SIG
Standardized Information Gathering Questionnaire
Build, customize, analyze and store vendor questionnaires
- SIG Management Tool
- SIG Getting Started Guide
Single License: $7500 / Year
SCA
Standardized Control Assessment Procedure
Perform onsite or virtual assessments of vendors
- SCA Standards
- SCA Report Template
- Assessment Best Practices Checklist
- SCA Executive Summary Data Table Templates
- SCA Executive Summary Reporting Template
- SCA Getting Started Guide
Single License: $5000 / Year
PRIVACY
Third Party Privacy Tools
Scope and evaluate a third party privacy assessment
- Privacy Tools Questionnaire
- Test Procedures
- Target Data Tracker
- Target Data Tracker Getting Started Guide
Only Available with Toolkit License