Getting Started

business-case-third-party-risk-management

A Business Case for Third-Party Risk Management

Organizations are increasingly outsourcing products and services to gain a competitive advantage. While third parties are often essential to provide certain products and services, they can also expose organizations to risky situations. This business case for third-party risk management explores why your organization should invest in third-party risk management.
DOWNLOAD NOW

how-get-buy-in-commitment-third-party-risk-management

How to Get Buy-In and Commitment for Third-Party Risk Management

It's easy to assume that everyone understands why organizations need a TPRM program, but it can be challenging to get all stakeholders to understand the need and importance. This eBook explores how you can articulate the many requirements and benefits for your stakeholders to enhance their understanding and improve their TPRM program buy-in.
DOWNLOAD NOW

infographic-what-process-vendor-risk-management

What Is the Process of Vendor Risk Management?

Vendor risk management is the process and ongoing practice of identifying, assessing, managing, and monitoring the risks posed to your organization and its customers through vendor relationships. We'll dive deeper into the process of effective vendor risk management in this infographic. 
DOWNLOAD NOW

resources-toolkit-who-responsible-third-party-risk-management.png

Who Is Responsible for Third-Party Risk Management?

Effective third-party risk management ensures that various responsibilities and requirements are distributed across a range of accountable stakeholders, each with a specific job to do. In this toolkit, explore the various roles and responsibilities involved in third-party risk management to ensure your program is effective.
DOWNLOAD NOW

resources-infographic-jump-into-vendor-risk-management

11 Things to Do Before You Jump Into Vendor Risk Management

If you haven’t already, now is the time to get on top of vendor management. Whether you are new to vendor management, or simply need a refresher, use the 11 tips in this infographic to help you prepare yourself for properly managing vendor risk.
DOWNLOAD NOW

08.02.2019-resources-choosing-the-right-third-party-operating-model.jpg

Choosing the Right Third Party Risk Operating Model

Because there's no one-size-fits all approach to vendor management, determine which model will help you reach goals. This eBook covers the approaches, differences between them and advantages and disadvantages of each.
DOWNLOAD NOW

infographic-resources-differences-vm-models.png

The Differences Between Vendor Management Models

Choosing the model for how your organization approaches vendor management is important. Find out the different models, how each model works and the advantages and disadvantages of each.
DOWNLOAD NOW

Infographic_resources_Navigating_Your_Vendor_Management.jpg

Navigating Your Vendor Management

It takes a lot of skill to navigate your way through the world of third party risk, especially as the road has many twists and turns. To help you and your team, here's a simple infographic on 7 of the most common dangerous potholes.
DOWNLOAD NOW

infographic-creating-vendor-risk-program-protects.jpg

Creating a VRM Program that Protects Your Organization

Managing the multi-faceted risks that vendors pose today is a daunting task. This infographic covers what to do to protect your organization’s data, 5 critical elements for your program and an overview of different lifecycle stages.
DOWNLOAD NOW

how-to-use-raci-method-third-party-risk-management-responsibilities

How to Use the RACI Method to Determine Third-Party Risk Management Responsibilities

Defining roles and responsibilities for your TPRM program is an essential step. One of the most effective methods to use in this process is called RACI, which refers to identifying the individuals that are responsible, accountable, consulted, and informed for TPRM tasks. Read this infographic and use the template.
DOWNLOAD NOW

third-party-risk-management-reports-maintain

6 Third-Party Risk Management Reports to Maintain

Third-party risk management stakeholders, such as risk committees, senior leadership, and the board of directors, need high-quality reports that will support their decision-making. Use this infographic as a guideline for important data to collect and continuously update, and ensure that the appropriate stakeholders are well-informed.
DOWNLOAD NOW

Top Third-Party Risk Management Terms to Know

There are so many terms and acronyms used in third-party risk management. It can be difficult to keep everything straight. Use this glossary of the top third-party risk terms and phrases to help you be successful and to better understand third-party risk concepts.
DOWNLOAD NOW

resources-infographic-what-why-who-how-vendor-risk-management

What/Why/Who/How of Vendor Risk Management

Vendor risk management involves securing the organization's operations against avoidable interruptions, controlling costs, driving service excellence, protecting your brand and reputation, and ensuring regulatory and legal compliance. There's a lot to know to have a successful vendor risk management program. This infographic breaks down the what, why, who, and how.
DOWNLOAD NOW

resources-guide-creating-your-third-party-risk-management-program-steps

Creating Your Third-Party Risk Management Program: A Step-By-Step Guide

Have you been tasked with building a TPRM program from scratch? Developing and implementing a TPRM program requires considerable planning, coordination, and as they say, good old-fashioned hard work. Use this step-by-step guide to develop a TPRM program that meets regulatory requirements and best practices and helps your organization manage third-party risks effectively.
DOWNLOAD NOW

resources-infographic-vendor-risk-management-cheat-sheet.png

Vendor Risk Management Cheat Sheet

There are several critical elements your vendor risk management program should have that will greatly contribute to your success. Whether you're new to vendor risk management or want to take your program to the next level, this cheat sheet will help you lay the foundation.
DOWNLOAD NOW

resources-guide-essential-third-party-risk-management.png

The Essential Third-Party Risk Management Guide

Even though third-party risk management is a complex practice with many interdependent processes and stakeholders, it doesn’t have to be overwhelming and impossible. In this guide, learn essential building blocks for implementing a successful third-party risk management program.
DOWNLOAD NOW

resources-ebook-how-to-engage-educate-enable-vendor-managers-png

How to Engage, Educate and Enable Your Vendor Managers

Vendor managers play a crucial role in your vendor management program. To help teams build and maintain effective and mutually beneficial relationships with their line of business vendor managers, the "three E's" come in - Engagement, Education and Enablement. Read this eBook.
DOWNLOAD NOW

resources-eBook-setting-expectations-third-parties-playbook

Setting Expectations with Prospective Third Parties: A Playbook for Third-Party Risk Managers

Clearly communicating and setting expectations with your third party is essential. Read the playbook specifically designed to support third-party risk management teams and third-party vendor managers.

DOWNLOAD NOW

resources-infographic-14-third-party-risk-management-myths-to-ditch

14 Third-Party Risk Management Myths to Ditch

In an era where you can instantly communicate with someone on the other side of the planet and find information on virtually anything, there’s a real danger of believing wrong information. We see this often and there are a few common third-party risk management misconceptions that you should make sure to ditch.

DOWNLOAD NOW

infographic-resources-bank-credit-union-what-is-vendor-management.png

Third Party Risk - What Is Vendor Management

Vendor management. Third party risk management. What does it mean? Learn how to identify vendors, essential steps of vendor management, prioritizing according to risk level and importance of fourth parties.
DOWNLOAD NOW

resources-infographic-building-effective-vm-program.png

Building an Effective Vendor Management Program

Financial, operational and reputational risks are negative exposure pain points to protect against. This infographic covers 9 steps for developing an effective vendor management program, importance of due diligence and more.
DOWNLOAD NOW

ebook_resources_guidance_tprm.png

Guidance and Regulations on Third Party Risk Management

It's good to keep an eye on the most recent and stringent guidance to meet those standards and follow best-in-class practices. Learn third party risk guidance from major regulators, key takeaways and incorporation tips.
DOWNLOAD NOW

infographic_resources_vendor_management_st_patricks_day.jpg

A St. Patrick's Day Infographic - The Lucky Clovers

While the proper vendor management program involves more than just luck, for a well-documented, well-planned and executed program, make sure that each of the basic principles covered on the leaves on these clovers are covered.
DOWNLOAD NOW

infographic-resources-scope-of-your-actively-managed-vendors.png

Scope of Your Actively Managed Vendors

You determine who your active third parties are? From a risk standpoint, some vendors should be managed more actively than others. Learn active and in-active examples, 5 areas to cover with actively managed ones and more.
DOWNLOAD NOW

ebook_resources_vrm_ppp.png

Guide to Your TPRM Policy, Program and Procedures

Learn the key components of your high-level third party risk management policy, comprehensive program and detailed procedures along with tips, using lines of defense strategy and best practices for using all 3.
DOWNLOAD NOW

infographic-6-elements-of-a-successful-vendor-risk-management-program-1.jpg

6 Elements of a Successful VRM Program

To ensure your program is successful, it's critical you focus on the more important elements involved in the process. This eBook covers 6 elements of a successful program, steps to take and importance of each.
DOWNLOAD NOW

eBook_resources_Mini_Vendor_Management_Handbook.png

Mini Vendor Management Handbook

Successful vendor risk management starts with knowing who your vendors are and having a process in place that keeps your list and process up-to-date. This eBook helps you with that, the vendor lifecycle stages and more.
DOWNLOAD NOW

resources-lets-solve-third-party-risk-puzzle.png

Let's Solve the Third Party Risk Management Puzzle

Put your knowledge to the test by downloading this crossword puzzle that is filled with third party risk clues and phrases. Download and test yourself, or your colleagues, to see who has learned the most about vendor risk management this year!
DOWNLOAD NOW

Infographic_resources_Key_Components_of_a_Good_Vendor_Management_Program.jpg

7 Key Components of a Good Vendor Management Program

Vendor management is not an optional activity, it's required by regulation. Examiners will review your program and expect to see evidence of program maturity.
DOWNLOAD NOW

Managing Third Party Risk

When you outsource a product or service, you're adding risk to your organization. By managing the risks, you can protect your organization. In this 90-second video, you will learn about the different phases involved in vendor management. 

9 Steps to Creating an Effective Vendor Management Program

To protect your organization, you need an effective third party risk management program. Watch this 90-second video to learn 9 steps to take in order to create a third party risk program. 

Latest Discussions List

  • Posted in: Reporting

    While each organization will have its own processes in place, it is a reasonable question on how and when to inform stakeholders of risk remediation plans. The key is to identify the roles that stakeholders hold in the individual process. This can be ...

  • This sounds very similar to our "partner" program. Prior to the creation of our TPRM team, there was no governance around these relationships. But now, we perform the actions Hilary called out: we have a direct contract with the partner, we perform ...

  • You are facing an interesting situation. However, without knowing the details of the contract, there is a potential detail that raises a red flag. If your organization owns the customer touchpoints, you must access, process, transmit, or store customer ...

  • The following linked pdf was provided as a resource by the Third Party Risk Association (TPRA) and may be helpful. If you are not already a member of the association, you may want to consider joining under the free membership. I highly recommend. ...

  • I am looking for input for what others do to right size insurance requirements for vendors they do business with? What parameters do you use and how do you determine the amount of insurance coverage that you require the vendor to carry?