
Vendor Risk Management Maturity Model


The VRMMM gives third-party risk managers a tool for evaluating their program against a comprehensive set of best practices. This "benchmark" tool helps organizations plan programs and set goals.


    The Vendor Risk Management Maturity Model (VRMMM) is a holistic tool for evaluating the maturity of third-party risk programs, including cybersecurity, IT, privacy, data security and business resiliency controls. The VRMMM, together with the Vendor Risk Management Benchmark Study, allows an organization to develop a strategy before building a program, or to identify where and how to set goals to make programs more robust.

  • How the VRMMM Works

    Broken into eight categories, the model explores more than 200 program elements that should form the basis of a well-run third-party risk management program.

  • Membership

    Want access to all the Shared Assessment Program tools, thought leadership and a network of members?

    Find out about Membership or for general inquiries, email
