Risk Assessments


Welcome to the Risk Assessments Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss anything about doing vendor risk assessments. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Assessments: The risk assessment process is a fundamental foundation of a well-managed third-party risk program. A disciplined approach and repeatable process can lay a firm basis for better informed due diligence, structured ongoing monitoring, and meaningful impact in mitigating concerns introduced by your organization's third parties. Taking it a step further, understanding how to mitigate inherent vendor risk is crucial to determining if the benefits of the outsourced product or service outweigh the risk posed.

Latest Discussion Posts

  • Enterprise Resource Planning solutions will typically be critical vendors with high risk driven by the company's data involved. The answer is yes, consider the implementation, not just the solution/vendor level of due diligence. This is because solution ... More

  • Hi, Yes, I'd recommend the following: Classifications: High, Medium, Low. Risk Assessment gauges risk across Inherent risk categories include the following: Business Continuity, Compliance, Concentration, Country, Credit, Cyber, ... More

  • Global or Regional Service Classification templates?

    This message was posted by a user wishing to remain anonymous. Hi, We are an FS firm that operates in multiple regulated jurisdictions, each with their own, albeit similar Outsourcing regulations. How do others approach the classification and risk ... More

  • ERP and other Enterprise Solutions

    This message was posted by a user wishing to remain anonymous. Hello Community, How are folks scoping and conducting assessments for enterprise solutions such as big name ERP solutions? SOC2's and long lists of compliance certifications are readily ... More

  • RE: Vendor A integration with Vendor B

    Yes, being notified of a data sharing change would be a part of TPRM's ongoing monitoring practices. The next step would be to assess what the change is and the impacts of that change. For example, if the change includes one of the vendors processing ... More