Risk Assessments

 View Only

Welcome to the Risk Assessments Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss anything about doing vendor risk assessments. Note: You will need to Sign In to join in the discussions and access resources. 

About Third-Party Risk Assessments: The risk assessment process is a fundamental foundation of a well-managed third-party risk program. A disciplined approach and repeatable process can lay a firm basis for better informed due diligence, structured ongoing monitoring, and meaningful impact in mitigating concerns introduced by your organization's third parties. Taking it a step further, understanding how to mitigate inherent vendor risk is crucial to determining if the benefits of the outsourced product or service outweigh the risk posed.

Latest Discussion Posts

  • Profile Picture

    On-Premise vs. Hosted Technology

    By: Tim Barthold , 22 days ago

    Good Afternoon, I'm curious to hear perspectives on how your TPRM program treats third-party technology installed on-premise/on-site, versus a hosted or SaaS type relationship. We designed our risk assessment to elevate the risk of technology engagements ... More

  • Profile Picture

    Template for certification

    By: Anonymous Member , one month ago

    This message was posted by a user wishing to remain anonymous I am looking to upgrade our program and it's documentation. Does anyone have a document template that they are using and would be able to share that indicates if you have either passed or ... More

  • Profile Picture

    RE: Vendor acquired after assessment was completed

    By: Michelle Chase , one month ago

    If they have just been acquired, likely they continue to work on combining operations, policies and procedures. For many of the controls, there may not yet be an impact. I would suggest at minimum a financial review of the acquiring entity to make sure ... More

  • Profile Picture

    Vendor acquired after assessment was completed

    By: Anonymous Member , one month ago

    This message was posted by a user wishing to remain anonymous Hello, Recently we completed our risk assessment and due diligence on one of our vendors (Moderate vendor - RA & DD every other year). However, 3 months later they agreed to be acquired by ... More

    1 person likes this.
  • Profile Picture

    RE: Questions for Residual risk assessments

    By: Tom Simmons , one month ago

    Any chance you'd be willing to share your questionnaire with me? [Email removed by Community Manager for privacy and security reasons. If you need the member's contact information, please message them directly by going to their member profile in the ... More

Polls


Most Active Users List