Risk Assessments

 View Only

Welcome to the Risk Assessments Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss anything about doing vendor risk assessments. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Assessments: The risk assessment process is a fundamental foundation of a well-managed third-party risk program. A disciplined approach and repeatable process can lay a firm basis for better informed due diligence, structured ongoing monitoring, and meaningful impact in mitigating concerns introduced by your organization's third parties. Taking it a step further, understanding how to mitigate inherent vendor risk is crucial to determining if the benefits of the outsourced product or service outweigh the risk posed.

Latest Discussion Posts

  • Profile Picture

    RE: 4th Party Inventory

    By: Christine Kitamura , 12 hours ago

    Material or critical fourth parties can still expose your organization to risk, so you're definitely on the right track of wanting to identify them. The good news is that these critical fourth parties can be identified in your third parties' SOC ... More

  • Profile Picture

    4th Party Inventory

    By: Anonymous Member , 8 days ago

    This message was posted by a user wishing to remain anonymous Hello. I'm in the process of building contract owner guidance for identification of material 4th parties. What criteria do you provide to contract owners and/or your third parties to obtain ... More

  • Profile Picture

    RE: Risk Assessment Template Request

    By: Leah Beverly , 14 days ago

    Thank you for your insight Christine! This was really helpful. More

  • Profile Picture

    RE: Risk Assessment Template Request

    By: Christine Kitamura , 14 days ago

    Hi Leah, For a vendor that provides online banking and ACH positive pay services, I would suggest starting with something standard like the Standardized Information Gathering (SIG) questionnaire or one from NIST. These will give you a broad understanding ... More

  • Profile Picture

    RE: Completed Risk Assessments

    By: Anthony Schweiger , 21 days ago

    Sounds like you have ERM Framework you are comfortable with. Ours is proprietary and honed over time. It also sounds like there is some duplication between IA and you. Strongly suggest you have a singular standard against which vendors will be assessed ... More

Polls

Most Active Users List