History

There are 5 versions of this glossary term.

5. Third-Party Risk Management Lifecycle

Every vendor relationship has a deal cycle that should include the following:

Onboarding - Includes planning & risk assessment, due diligence, and contracting
Ongoing Monitoring - Includes re-assessments, monitoring & performance, renewals, and due diligence
Offboarding - Includes termination, exit plan execution, and TPRM closure

Additionally, oversight & accountability, documentation & reporting, and independent review are always occurring.

Revised By: Brittany Padgett Revised On: Sep 30, 2022 9:55 AM

Characters Edited: -681 Total: 553

4. Third-Party Risk Management Lifecycle

Every third-party relationship has a deal cycle that should include the following:

Scoping - Define what a vendor, service provider or third party is to your organization.
Inherent Risk and Criticality Assessment - The assessment of risk, based solely on the nature of the relationship - without consideration to any precautions or controls that are in place.
Due Diligence and Residual Risk Determination - After you understand the inherent risk, conduct due diligence to ensure risk is mitigated appropriately and effectively.
Vendor Selection and Contract Management - Use the risk assessment and due diligence data to determine any provisions that should be included in the vendor contract.
Ongoing Monitoring - Keep an eye on your third-party vendors after they sign the contract to ensure you're remaining aware of any new risk posed.
Termination - If it's time for the third-party vendor engagement to come to an end, follow the exit strategy and ensure you're terminating the third-party vendor relationship in accordance with contract terms.

Revised By: Venminder Inc Revised On: Oct 1, 2021 2:37 PM

Characters Edited: 786 Total: 1234

3. Third-Party Risk Management Lifecycle

When an organization outsources a product or service to a vendor, they must go through the following lifecycle phases: planning, risk assessment, due diligence & third-party selection, contract management, ongoing monitoring, exit strategy and termination. During the lifecycle, risk assessments and due diligence updates as well as documentation and reporting, oversight and accountability and independent reviews will constantly be happening.

Revised By: Venminder Inc Revised On: May 13, 2020 9:13 AM

Characters Edited: 0 Total: 448

2. Third Party Risk Management Lifecycle

Revised By: Venminder Inc Revised On: Apr 29, 2020 10:15 AM

Characters Edited: -647 Total: 448

1. Third Party Risk Management Lifecycle

Every third party relationship has a deal cycle that should include the following stages:

·       Planning – Building out the vendor management/third party risk policy, program and procedures documentation.
·       Due Diligence and Third Party Selection – Implementing pre-contract due diligence expectations as part of the third party vendor selection process, aka vendor vetting.
·       Contract Negotiation – Negotiation is done to help limit an organization’s liability, set expectations for all parties involved, include right to audit provisions and define due diligence expectations.
·       Ongoing Monitoring – During the entire third party relationship, ongoing monitoring and due diligence must be performed to assess any new risk issues that may arise, continue to monitor SLAs and thoroughly analyze due diligence.
·       Termination – When it’s time to end a third party contract, there must be steps outlined that include the plan to replace the third party or bring the function back in-house and how any data will be returned or destroyed.

Revised By: Venminder Inc Revised On: Nov 12, 2019 11:55 AM

Characters Edited: 0 Total: 1095