If your vendor relationship hasn't changed much, start by asking what has changed in the last 12 months (or 6 months, depending on your review frequency). From there, gather any relevant control documents that support the product/service hosted ...
Determining criticality can be challenging as you did not specify which industry you are in, as each sector has different qualifiers. For a financial institution, criticality could be assessed based on several factors, such as whether the outsourced ...
Hello, We also use individual risk area scores (we have 10 risk areas we assess) instead of an aggregated risk score or tiering for similar reasons. This allows us to focus on specific risks and managing them and assures they aren't tiered ...
This is how we determine if a vendor is critical: Whether a vendor is critical has more to do with whether the product or service they provide to us is critical, and how reliant we are on the product/service to operate. ...
I've attached the questionnaire we use annually.
This Week's Power Users
Join a community dedicated to an area of third-party risk including contracts, infosec, risk assessments, policies, and more.
Gain TPRM knowledge fast. Read through these latest blog articles.
Meet, connect, and network with other users using the same third-party risk tool as you - get support and share new ideas and best practices.
Download the latest guides, infographics, samples, whitepapers, checklists, and more that can help guide you through best practices on third party risk. Visit Resources
Register and join live webinars to learn current trends and best practices from knowledgeable experts.Register Now