Third Party Risk Management

► Formulate a project plan & project kick-off activity

► This phase involves reviewing a holistic TPRM Framework

Determine the ownership for developing and maintaining Third-Party Risk Management Program
Reviewing & operationalize Vendor and third-party provider security policy. Identify the owner of this policy
Evaluate and enhance as required the current vendor management processes as per the drafted policy and ensure that it encompasses all business units.
Ensuring vendors are aware of their responsibilities in line with policies.
► Output/Deliverables:
- Defined TPRM program ownership
- Enhanced Templates, policy & procedure for TPRM program
- Notification email introducing TPRM program and expectations from vendors.

► Creating an inventory of third parties (active) and assigning a risk tier

Ensure that third— parties are prioritized based on services provided
Identify & suggest a repository for storing all risk assessment related documentation
Approval mechanism to be setup for accepting the risks.
Help in creating the VRM vertical in the organization with defined KPI's.
► Output/Deliverables:
- Third Party Inventory: with listing of third parties and the risk tier
- Department wise summary PPT of third parties and risk tier, to obtain department head sign off
- Ve vertical structure

► Third Party Assessment Implementing vendor risk program

Implement an enterprise- wide vendor risk assessment program.
Ensure third-party reassessments include processes to determine if contractual obligations are being satisfied.
Develop a Standardized risk assessment scorecard across all business units, to include consideration of vendor types, types of data involved, while incorporating all legal, regulatory, and corporate compliance requirements.
► Output/Deliverables:
- Risk Assessment report for vendors
- Risk Treatment and Monitoring Plan
- Executive Summary Reports of Vendors

Stages