Policy, Program and Procedures

Welcome to the Policy, Program and Procedures Community. Here you will find the latest discussions and resources that can help you in this area. This community focuses on creating a policy, program and procedures, best practices, ideas, tips, guidance, how to implement and more. Note: You will need to Sign In to join in the discussions and access resources. 

About Third Party Risk Policy, Program and Procedures: Successful vendor risk management requires a fully documented set of practices. Regulators and examiners expect you to have three written documents – a policy, program and procedures. These documents must be updated at least annually or more frequently as guidance changes or significant organizational changes occur. And, it’s important the work product produced matches what the policy and program documentation says.  

Latest Discussion Posts

  • Our position is that all Personal Information is handled as confidential information and gets the strictest due diligence for governance. Personal Information has many forms and has many layers. If you have the data controller's opt-in, you can gather ... More

  • I have seen this question discussed multiple times in many outlets out there. Name, address and phone numbers are not always considered confidential or private if they are already in the public domain. Third Party Management offices struggle with ... More

  • Profile Picture

    RE: Team Structure

    Precisely how you structure to deliver vendor management is based on a number of factors. While there's no one-size-fits-all answer, there are some common things you should consider in setting up your Vendor Management operating model and organizational ... More

  • Profile Picture

    RE: Team Structure

    Depending on the size of the team, I think a good way to structure Vendor Management is with a "center lead" model. Vendor Management is given organizational authority and creates the policies, processes, and best practices that everyone will use. Additionally, ... More

  • Profile Picture

    RE: Team Structure

    This message was posted by a user wishing to remain anonymous Good Morning! There has to be some level of centralization with Vendor Management since the information gathered as part of risk assessments should be rolled up and reported to the top decision ... More

ThinkTank Announcements

  • Seeking Your Input - Annual TPRM Survey!

    Hi Community Members, We’re looking for your valuable input! Venminder is conducting their annual survey for the State of Third-Party Risk Management 2021 whitepaper and we’re hoping you may have 5 minutes to spare to help out and take the survey. The complimentary whitepaper will be released in early ... More
  • Community Update - 1,000 Members

    Hi Everyone, I want to share some very exciting news with you all. We have reached 1,000 community members! This is a milestone we’re very proud of and it’s all thanks to the fantastic third-party risk conversations you all are having every day. As always, please let me know if you have any thoughts ... More
  • COVID-19 Resources Page

    Hi Everyone,   With the COVID-19 pandemic upon us, organizations are implementing their pandemic plans, many employees are working remotely and changes in vendor management are rapidly occurring. In the industry, it has raised lot of questions about pandemic planning and best practices and reminds ... More
  • Happy New Year - We Want Your Feedback!

    Happy New Year ThinkTank members! We hope you've found the community discussions this past year to be enlightening and engaging. As we head into 2020, we want to hear your thoughts and feedback as it'll help us continue to understand what you'd like to see more of in the Third Party ThinkTank Community. ... More