At this stage, TPRM is about creating an initial risk profile for the potential third-party. This profile helps you to understand how critical they might be to your organisation.
Here, TPRM is about gathering external data about the third party and have them complete a self-assessment. This helps you understand their operations and the risks they might bring.
When you are ready to formalise the relationship, TPRM ensures that the right clauses are included in the contract. This includes agreements on risks that need fixing including the deadlines.
This is an ongoing stage where you need to keep an eye on the third party. You may use a mix of monitoring for adverse news and other data feeds, dependent on the risks that are in play.
Depending on how important the third party is, you might reassess them periodically, like sending out another self-assessment after one or two years, or when renewing the contract.
If the relationship ends, TPRM ensures that checklists are followed to make sure all the agreements in the contract are met. This is to ensure a smooth and compliant conclusion.
Our platform cuts down the time you spend on tasks like following up with people, planning tasks, sending out assessments, and checking results. This is a big improvement over using traditional spreadsheets or rigid Governance, Risk and Control (GRC) systems. To see how much time our software can save you, try out the calculator we offer. It's an easy way to see the big change our platform can bring to your work.It is a simple way to see the big difference our platform can make for you.
Provide the number of third parties and the number of assessments per third-party you want to send annually.
Annual hours saved compared to a spreadsheet approach or when using rigid GRC-systems.
Here's how to initiate your third-party risk management program in seven steps: