Interactive Guide to Third-Party Risk Management Lifecycle

Learn the steps of the lifecycle to protect your organization from vendor risks.

Third Party Risk Management Program Toolkit

Outer Layers

Learn about Oversight & Accountability, Documentation & Reporting and Independent Reviews


A great way to ensure you’re getting the most out of your (probably limited) third-party risk management resources is having a clearly defined scope for what does and doesn't need to go through this process.

Lifecycle stages

Stage 1: Inherent Risk & Criticality Assessment

Stage 2: Due Diligence & Residual Risk Determination

Stage 3: Vendor Selection & Contract Management

Stage 4: Ongoing Monitoring


Finally, there comes a time when an engagement must come to an end. Whether it is because of a vendor’s failure to perform, a contract term that is up, or simply a need to move on to bigger and better things, there should always be some consideration of how the termination process may look for any particular vendor.

5 Best Practices to Consider During the Entire Third-Party Risk Management Lifecycle

When done well, the third-party risk management lifecycle keeps your organization on track and protected from vendor risk that can be avoided.