Risk Assessments

Welcome to the Risk Assessments Community. Here you will find the latest discussions and resources that can help you in this area. Use this community to discuss anything about doing vendor risk assessments.

About Third-Party Risk Assessments: The risk assessment process is the foundation of a well-managed third-party risk program. A disciplined approach and a repeatable process lay a firm basis for better-informed due diligence, structured ongoing monitoring, and meaningful mitigation of the concerns introduced by your organization's third parties. Taking it a step further, understanding how to mitigate inherent vendor risk is crucial to determining whether the benefits of the outsourced product or service outweigh the risk posed.

Latest Discussion Posts

  • Thank you Premika Mishra for your comments. Greatly appreciated.

  • The cadence for also depends on your risk appetite and available resources. In our organization, we have a single risk manager overseeing a growing portfolio of third parties. Risk thresholds are defined by Tiers, with Tier 3 representing moderate risk ...

  • Thank you Cheryl Turner and the other individual for your timely and helpful responses!

  • We do the same.

  • Low Impact Vendors and Penetration Tests

    This message was posted by a user wishing to remain anonymous. We are a local entity performing our Third Party Risk Assessments based on the category of the system and information. In a recent review, we had push back from a security manager who ...