Top 21 Third-Party Risk Management Resources for Beginners
01
We’ve reinvented the third-party risk management lifecycle! Regardless of your industry, the third-party risk management lifecycle is a practical, risk-based framework to identify and mitigate issues that come from third-party relationships while also explaining ongoing and offboarding activities. Use this lifecycle to optimize your third-party risk management program and resources, achieve regulatory compliance, and protect your organization and its customers from vendor risk.
The Third-Party Risk Management Lifecycle
toolkit
02
Check out this free policy template that contains best practice policy content, descriptions, and processes your organization can use as the foundation to customize and align to your own third-party risk management framework.
Third-Party Risk Management Policy Template
template
03
Due diligence is not a static, one-time event. It should be refreshed periodically, risk-based, and tailored to match the product or service provided by a third party along with the level of risk. We've put together a checklist with items you may want to gather based on if your vendor is classified as low, moderate, or high risk.
Due Diligence Checklist for Low, Moderate, and High-Risk Vendors
checklist
04
Collecting vendor due diligence can feel extremely challenging. You feel like you're constantly calling, emailing, and chasing your vendors to obtain the report you've needed for weeks. Then, once you've received the report, you realize the battle is only half over. You, or a subject matter expert (SME), must fully analyze and write a thorough assessment with your findings. In this eBook, we'll break down how to do vendor due diligence reviews on 6 of the most common due diligence documents we see every day.
How to Do Vendor Due Diligence Reviews: The Complete Breakdown
ebook
05
Your critical vendors provide products or services which your organization is highly dependent on. One of the most challenging exercises in third-party risk management is learning how to establish standards for identifying who those critical vendors are. Learn the questions you can ask to determine if a vendor is critical or non-critical.
Identifying Critical Vendors: 6 Fool-Proof Questions
infographic
06
To verify your vendor has adequate internal controls in place to protect your data, you must request and assess their SOC reports. It can get confusing what each SOC report covers and what each report means. To help guide you and your team in understanding what those differences are, we've created a simple one-page infographic.
Understanding the Differences Between a Vendor SOC 1, 2, 3
infographic
07
In order to meet regulatory requirements and have a successful third-party risk management program, it's important that you have all of the necessary documents and procedures in place. Whether you're just getting started or simply are looking to refresh your program, use this comprehensive checklist to guide you to successful third-party risk management.
Third-Party Risk Management
checklist
08
As part of your vendor due diligence process and regardless of risk level, there are 19 things your organization should be doing when vetting all third parties. Don't overlook these 19 items on any vendor with which you do business.
Vendor Vetting: 19 Things You Should Be Doing
ebook
09
The time has come to prepare for an audit or regulatory exam. The process can be time-consuming and nerve-racking, even for experienced professionals. Sticking to a simple game plan will make an audit of any type much easier to manage. We've developed a handy checklist to help you ensure you’re prepared for your next audit or regulatory exam.
Third-Party Risk Management Audit or Regulatory Exam
checklist
10
In order to fully understand vendor risk, you need to closely examine cybersecurity protocols. Asking the right questions and obtaining proper documentation will help you more accurately assess the risk posed to your organization. To help ensure you gather the information you need when analyzing your vendor's cybersecurity, use this handy checklist.
Vendor Cybersecurity
checklist
11
Reviewing a SOC report is an important step in the vendor due diligence process. The report should tell you if your vendor has what's needed to secure your data. We know that assessing vendor SOC reports can be challenging. Download this eBook to help guide you through the review process and mitigate risk.
How to Review a Vendor SOC Report
ebook
12
During the ongoing stage of the third-party risk management lifecycle, it's important to stay on top of upcoming vendor contract renewals. The contract renewal process is just as significant as the first time you signed the dotted line. This helpful checklist will assist you throughout the process.
Vendor Contract Renewals
checklist
13
A primary pain point organizations are currently facing in third-party risk management is the document collection process. While it may be a time-consuming process, it's crucial that you handle each step thoroughly. That's why we've put together this infographic with 10 tips to help you collect vendor due diligence documents more efficiently.
10 Tips for Collecting Vendor Due Diligence
infographic
14
Third-party risk management is a complex process that involves many rules, requirements, and processes, all of which must be formalized and documented. There are typically three governance documents: policy, program, and procedures. This eBook will explain what each document is intended to accomplish, what content it should contain, for whom it's intended, as well as helpful tips.
Guide to Your Third-Party Risk Management Policy, Program, and Procedures
ebook
15
Determining the inherent risk and the residual risk of your third parties is a key element of doing a robust risk assessment properly. But, what is the difference between inherent and residual risk? We have it covered in our infographic.
Inherent vs Residual Vendor Risk
infographic
16
Data breaches have been on the rise lately. Hackers don't discriminate when looking for an asset to attack. And, it's not so much IF you'll be breached, but WHEN. You need to understand what a vendor data breach means to you and the next steps and best practices to implement to handle the breach so that it limits the impact to you and your customers.
My Vendor Has Suffered a Data Breach. Now What?
infographic
17
Your organization probably dedicates a lot of thought, time, and resources to its business continuity (BC) and disaster recovery (DR) planning and testing. Similarly, your third-party vendors should be just as committed to their plans and testing. How do you confirm that your vendors have effective business continuity and disaster recovery plans? This eBook covers the main sections that you should be searching for in each plan and what to know about each of them.
How to Analyze a Vendor’s Business Continuity and Disaster Recovery Plans
ebook
18
As part of your vendor risk management, you should be reviewing your vendor's financial statements. But what happens if you see a decline in that vendor's income and financial performance? To protect your organization there are some warning signs to look out for. We've put together an infographic to help you and your team be aware of what the consequences are and your steps for recourse.
Vendor Financial Health Monitoring: Warning Signs to Watch Out For
infographic
19
Vendor relationships can end for many reasons. Your organization's needs may have shifted and you're looking for a different vendor that better aligns with your strategic goals or maybe your vendor is no longer meeting service level requirements. Whatever the reason for ending the relationship, you want to ensure you have an established offboarding process that minimizes any issues.
Offboarding a Vendor
toolkit
20
Many often ask, "how many people should you dedicate to third-party risk management?" Regulatory guidance just reiterates the importance of adequate staffing, but nothing further. So, what is the right number? Investing in the resources to run an effective third-party risk management program leads to reduced risk, greater security, and greater value. We've put together this eBook to help you determine the amount of staff you need to dedicate.
How Many People Should You Dedicate to Third-Party Risk Management?
ebook
21
The success of a third-party risk management program depends on a carefully integrated combination of rules, tools, processes, and people. With so many interdependent components, it can be difficult to know exactly where your program is and how to take it to the next level. Learn the existing well-established roadmap you can follow, known as the third-party/vendor risk management lifecycle, which was specifically designed to help you identify, assess, manage, and monitor vendor risk in your organization.
Guidance on How to Master Third-Party Risk Management in 2023
ebook