With this third-party risk framework, the vendor management office sets the guidelines and checks the results while working closely with the business units.