Policy, Program and Procedures

 View Only

Welcome to the Policy, Program and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program and procedures, best practices, ideas, tips, guidance, how to implement and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third Party Risk Policy, Program and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Profile Picture

    RE: Implementation

    Thanks for your response, very kind of you and helpful. :) More

  • So my advice is always to look at the FDIC guidance FIL-44-2008. (if you're a Bank you may already be familiar with it) It breaks the program into 4 elements. 1. Sourcing (you can table that process for now) 2. Risk Assessment and Due Diligence life ... More

  • Profile Picture


    This message was posted by a user wishing to remain anonymous Hi all, We are in the process of implementing the TPRM for the 1st time our organization, & ready with process flow, Policy & procedure involving all the stakeholders. Do anyone have the ... More

  • Hi, Am looking out for opportunity. Please let me know if my profile suits your requirement. I have around 10 years of experience out of which 7 Years into TPRM , VRM & Cyber Security Audits based out of Bangalore, India. I have attached my profile for ... More

  • Profile Picture

    Hiring suggestions for Third Party Risk

    This message was posted by a user wishing to remain anonymous Hi All, We are based out of Canada and I am looking to hire a couple of resources (on contract) for my Third Party Risk team. Could you please share which sources work best for you? Are there ... More