With this third-party risk framework, responsibility of vendor management rests with a single group, such as the compliance office or the third-party risk management team. This approach can ensure consistency but will often create some knowledge gaps with vendor managers by excluding them from the TPRM process.