The third-party risk management lifecycle is a systematic process to identify, assess, mitigate, and monitor third-party risks throughout the relationship with a vendor. The lifecycle is divided into three core stages: onboarding, ongoing, and offboarding.