Select Page

Vendor Risk Management Maturity Model


The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices. This “benchmark” tool helps organizations plan programs and set goals.


    The Vendor Risk Management Maturity Model (VRMMM) is a holistic tool for evaluating maturity of third party risk programs including cybersecurity, IT, privacy, data security and business resiliency controls.

  • How the VRMMM Works

    Broken into eight categories, the model explores more than 200 program elements that should form the basis of a well-run third party risk management program.

  • Membership

    Want access to all the Shared Assessment Program tools, thought leadership and a network of members?

    Find out about Membership or contact us.

    Membership Info