Often called the desktop procedures, the document is designed to be a step-by-step recipe for every facet of third-party risk but written in such a way that anyone could follow the steps and come to generally the same work product.