Third-Party Risk Module

Third-Party Risk Module

 

Overview

The Third-Party Risk (TPRM) module enables you to assess, monitor, and manage risks associated with vendors, suppliers, and other third-party relationships. It provides structured vendor risk assessment and ongoing monitoring capabilities.

 

Key Features

  • Vendor registration and profiling
  • Risk assessment questionnaires
  • Due diligence documentation
  • Contract and document management
  • Periodic review scheduling
  • Risk scoring and categorization
  • Contact management

 

Adding a Vendor

To add a new vendor:

  1. Navigate to Risk - Third-Party Risk
  2. Click Add Vendor
  3. Fill in vendor details:
    • Vendor Name - Company name
    • Category - Vendor type/category
    • Description - Services provided
    • Risk Level - Initial risk assessment
    • Status - Active, Inactive, Under Review
  4. Click Submit

 

Vendor Profile Tabs

Each vendor profile includes:

  • Form - Basic vendor information and risk assessment
  • Contact - Vendor contact persons
  • Document - Contracts, certifications, and other documents
  • Review - Periodic review history

 

Risk Assessment

Assess vendor risks:

  1. Open vendor profile
  2. Go to Form tab
  3. Complete risk assessment questionnaire
  4. Evaluate areas such as:
    • Data security practices
    • Business continuity
    • Compliance certifications
    • Financial stability
    • Operational resilience
  5. System calculates overall risk score

 

Managing Contacts

Add vendor contacts:

  1. Go to Contact tab
  2. Click Add Contact
  3. Enter contact details (name, email, phone, role)
  4. Designate primary contact if needed

 

Document Management

Store vendor documents:

  1. Go to Document tab
  2. Upload relevant documents:
    • Contracts and agreements
    • Security certifications (ISO, SOC)
    • Insurance certificates
    • Audit reports
    • NDAs and compliance documents
  3. Set document expiry dates for tracking

 

Periodic Reviews

Schedule and conduct reviews:

  1. Set review frequency (Annual, Semi-annual, Quarterly)
  2. Go to Review tab
  3. Click Add Review
  4. Document review findings
  5. Update risk score based on findings

 

Best Practices

  • Categorize vendors by criticality
  • Maintain updated contact information
  • Track document expirations
  • Conduct regular risk reassessments
  • Document all vendor interactions
  • Integrate with overall risk register

Risk Management

1
Introduction to Risk Management
2
Risk Register Module
3
Risk Treatment Module
4
Third-Party Risk Module
5
Risk Report Module