Policy, Program and Procedures

Welcome to the Policy, Program and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program and procedures, best practices, ideas, tips, guidance, how to implement and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third Party Risk Policy, Program and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Hello! We do have a vendor management policy and standard which provide guidelines for when the RFI/RFP process should be used. There are a variety of factors which could trigger the RFP process, such as overall cost (select a threshold, for example ... More

  • Profile Picture

    When to use an RFP?

    I am formalizing Penn National Insurance's Vendor Management policy. I was asked to add guidelines around when an RFP (Request for Proposal) should or should not be used. Does your organization have a formal vendor management policy or vendor selection ... More

  • Profile Picture

    RE: Law Firms

    This message was posted by a user wishing to remain anonymous Thank you for your feedback. More

  • Profile Picture

    RE: Law Firms

    Attorney firms utilize Case Management systems which contain restricted and confidential information that requires sufficient physical and logical controls that should be evaluated for sufficiency when reviewing a firm- What does the firm have access ... More

  • Profile Picture

    RE: Law Firms

    Attorney-client privilege communications are protected in litigation discovery, but those communications can still be obtained with a subpoena or through deposition. It's only communications between attorney and client that are protected so, without more ... More

ThinkTank Announcements

  • COVID-19 Resources Page

    Hi Everyone,   With the COVID-19 pandemic upon us, organizations are implementing their pandemic plans, many employees are working remotely and changes in vendor management are rapidly occurring. In the industry, it has raised lot of questions about pandemic planning and best practices and reminds ... More
  • Happy New Year - We Want Your Feedback!

    Happy New Year ThinkTank members! We hope you've found the community discussions this past year to be enlightening and engaging. As we head into 2020, we want to hear your thoughts and feedback as it'll help us continue to understand what you'd like to see more of in the Third Party ThinkTank Community. ... More
  • Community Update - 600+ Members

    Hi Everyone, I wanted to provide an exciting update! The community has now surpassed 600 members and we see wonderful discussions going. We hope you’re finding them valuable. It’s our goal to always provide you a dedicated space to network, collaborate and stay educated. As we continue to grow ... More
  • New Resources Available

    Hi Everyone, Happy Friday! I wanted to share some new resources available to the community… Contract Negotiation: Venminder has released a new infographic, Contract Negotiation Best Practices, you’ll find it for download on the Contract Management resources page. Click here. Bootcamp: We had ... More
  • Welcome to the Community!

    Hi Everyone!   Thanks for joining the Third Party ThinkTank Community! It’s really great to have you on board.   I’m Brittany Padgett, the Community Manager, and it’s my job to help assist you as we all work together to build this community. The main way we can do that is by encouraging ... More


Most Active Users List

Log in to see this information