More Advanced
Third-Party Risk Management Resources
The State of Third-Party Risk Management 2023 survey provides insight into how organizations from a wide range of sizes and industries manage third-party risk today. Third-party risk management is more important today than ever, and will become even more important tomorrow. While third-party risk management is a well-established practice, it’s also a constantly evolving one. Read this Whitepaper to learn how your organization can continually adapt and change to effectively identify, assess, manage, and monitor vendor risks.
Top 21
01
State of Third-Party Risk Management 2023
Fill out the form below to access the 21 More Advanced Third-Party Risk Management Resources.
02
Check out this free policy template that contains best practice policy content, descriptions, and processes your organization can use as the foundation to customize and align to your own third-party risk management framework.
Third-Party Risk Management Policy
template
03
Regardless of your industry, the third-party risk management lifecycle is a practical, risk-based framework to identify and mitigate issues that come from third-party relationships while also explaining ongoing and offboarding activities. Use this lifecycle to optimize your third-party risk management program and resources, achieve regulatory compliance, and protect your organization and its customers from vendor risk.
Third-Party Risk Management Lifecycle
toolkit
04
As your organization develops and publicizes your commitments to CSR and ESG, the requirements inevitably must extend to your vendors to ensure you’re both operating under the same standards. There is a lot to consider when incorporating CSR and ESG into current third-party risk management workflows and processes, including updates to your policy, risk assessments, due diligence, contracts, questionnaires, and more.
Integrating ESG Into Your Third-Party Risk Management
toolkit
05
It takes a lot of time and effort to onboard a new vendor. However, the work doesn’t stop when the contract is signed. It’s essential to continually confirm that the expected value from those vendor relationships is realized. Vendor score cards are a valuable tool to help you track and measure vendor performance. With this eBook and Scorecard Template, improve your understanding of vendor performance metrics.
Understanding Vendor Performance Metrics
EBOOK AND SCORECARD TEMPLATE
06
It’s important to formalize your third-party risk management standards and processes with governance documents (such as policy, program, procedures) and keep them updated. Use this comprehensive guide when developing, managing, and maintaining mature third-party risk management governance documentation.
How-to Guide: Developing and Maintaining Mature Third-Party Risk Management Governance Documentation
ebook
07
Your organization probably dedicates a lot of thought, time, and resources to its business continuity (BC) and disaster recovery (DR) planning and testing. Similarly, your third-party vendors should be just as committed to their plans and testing. How do you confirm that your vendors have effective business continuity and disaster recovery plans? This eBook covers the main sections that you should be searching for in each plan and what to know about each of them.
How to Analyze a Vendor’s Business Continuity and Disaster Recovery Plans
ebook
08
Over the past several years, the way we access our information has undergone drastic changes. As many organizations have turned to cloud vendors to store sensitive information, it’s more important than ever to look at how you should assess cloud vendors. In many industries, the cloud hosts a lot of sensitive information. As data breaches become increasingly common, it’s crucial to understand what to assess when it comes to cloud vendors to protect your organization from severe risks and malicious actors.
How to Assess Cloud Vendors
ebook
09
As the board sets your organization’s strategic direction and holds responsibility for achieving its objectives, you must strategize the best way to share vendor risk management activity with them. This complimentary toolkit includes reporting package templates and provides you with guidance on how to format board reports.
How to Report Vendor Risk Management Activity to the Board
toolkit
10
Whether it’s in-person or virtual, site visits can provide you with a point-in-time assessment of your organization’s critical or high-risk vendors and answers to remaining questions. In partnership with assurance, accounting, tax, and consulting firm, Wipfli, we’ve put together this handy checklist and infographic to ensure your organization understands how to properly conduct them.
Vendor Site Visits
INFOGRAPHIC AND CHECKLIST
11
Reviewing a SOC report is an important step in the vendor due diligence process. The report should tell you if your vendor has what’s needed to secure your data. We know assessing vendor SOC reports can be challenging. Download this eBook to help guide you through the review process and mitigate risk.
How to Review a Vendor SOC Report
ebook
12
There are fourth-party related contract considerations to write into your third-party vendor agreements to clearly express your expectations and reduce the risk associated with third and fourth parties. Download the infographic to learn examples of fourth-party related clauses and how to write these requirements into your vendor contracts.
How to Write Fourth-Party Vendor Requirements Into the Contract
infographic
13
Many often ask, “how many people should you dedicate to third-party risk management?” Regulatory guidance just reiterates the importance of adequate staffing, but nothing further. So, what is the right number? Investing in the resources to run an effective third-party risk management program leads to reduced risk, greater security, and greater value. We’ve put together this eBook to help you determine the amount of staff you need to dedicate.
How Many People Should You Dedicate to Third-Party Risk Management?
ebook
14
Contract management can be a challenging process within third-party risk management, but it’s a critical activity that protects your organization from vendor risk. While every organization will have unique needs when it comes to vendor contracts, it helps to understand some basic guidelines and sample contract language to ease the process. This eBook will serve as a tool for you and your organization to obtain a general understanding of vendor contract components and some helpful sample clauses.
Vendor Contract Considerations: Sample Languages and Recommended Tips
ebook
15
Vendor relationships can end for many reasons. Your organization’s needs may have shifted and you’re looking for a different vendor that better aligns with your strategic goals, or maybe your vendor is no longer meeting service level requirements. Whatever the reason for ending the relationship, you want to ensure you have an established offboarding process that minimizes any issues.
Offboarding a Vendor
toolkit
16
Understanding the risk, whether for new or existing third-party products or services, often starts with a questionnaire. Creating a questionnaire in and of itself can be quite a large task. A questionnaire shouldn’t be confused with a risk assessment as they’re two distinct items. Download the guide to learn our recommended steps for how to create a vendor risk questionnaire.
How-to Guide: Creating a Vendor Risk Questionnaire
ebook
17
Learn reasons why you are doing third-party risk management and the high cost if you don’t. While using vendors is often the desirable way to go, you have to manage the relationship and hold the vendor accountable to acceptable standards. Vendor risk management may seem like a large investment; however, when you weigh the overall savings, there’s a huge ROI.
What Is the ROI of Vendor Risk Management?
ebook
18
Is your organization prepared to complete a true assessment of your vendor’s or supplier’s financial performance? Just collecting a financial statement from a vendor/supplier is not enough. Financial health affects the vendor’s/supplier’s capacity to continue to provide safe, secure, and quality products/services at the level you require, so you need to know what and why to assess.
The Importance of Vendor and Supplier Financial Performance
ebook
19
Collecting vendor due diligence can feel extremely challenging. You feel like you’re constantly calling, emailing, and chasing your vendors to obtain the report you’ve needed for weeks. Then, once you’ve received the report, you realize the battle is only half over. You, or a subject matter expert (SME), must fully analyze and write a thorough assessment with your findings. In this eBook, we’ll break down how to do vendor due diligence reviews on 6 of the most common due diligence documents we see every day.
How to Do Vendor Due Diligence Reviews: The Complete Breakdown
ebook
20
A key aspect of third-party risk management is the art of collaboration across multiple lines of business. Communication and collaboration are instrumental in implementing a consistent risk assessment process. Assessing the risk in a collaborative manner and leveraging internal resources will allow for a risk-based and documented approach, which will help guide your ongoing oversight function.
Applying Multiple Layers of Collaboration Within Vendor Risk Assessments
ebook
21
The time has come to prepare for an audit or regulatory exam. The process can be time-consuming and nerve-racking, even for experienced professionals. Sticking to a simple game plan will make an audit of any type much easier to manage. We’ve developed a handy checklist to help you ensure you’re prepared for your next audit or regulatory exam.
Third-Party Risk Management Audit or Regulatory Exam
checklist
