
Third-party risk management

Vendor risk management.

Why and how to build an effective third-party vendor risk management program.

Key information and topics covered 

The days of blaming issues with a third party for your troubles are long gone. Identifying, assessing, and managing the risks associated with your third parties and related supply chains (third-party risk management, or TPRM) is now expected as part of any organisation's risk management program.

Third parties can include vendors, contractors, consultants, suppliers, agents and more. Vendors are just one type of third party, but they are generally the most important. While the principles in this eBook can often be applied to other third parties, the focus is on vendor risk management.

An effective vendor risk management program offers numerous benefits to organisations, which can be grouped into three categories:

  • Improved risk management and resilience (including avoiding supply chain disruption)
  • Efficiency and cost savings
  • Enhanced visibility (including regulatory compliance)

There are clear advantages to the business in all three areas, ranging from direct cost savings to the avoidance of costly unexpected failures and potential regulatory non-compliance. Effective third-party risk management is critical to other key risk and resilience topics that are increasingly important focuses for regulators, particularly operational resilience and business continuity management.

The lifecycle of vendor risk management involves three main stages: onboarding, ongoing monitoring and offboarding. Each of these can be broken down into specific phases to gain a full understanding of your organisation's requirements. This eBook provides a detailed step-by-step guide to the stages required to build an effective vendor risk management program.


What you will learn 

  • The drivers and benefits of vendor risk management.
  • The third-party risk management lifecycle, and the steps to implement a comprehensive vendor risk management program.
  • Tools, technologies, and best practices to overcome the challenges associated with implementing a vendor risk management program.
  • How your vendor risk management program ties into your operational resilience and business continuity management programs.
  • The key steps required to establish an effective third-party vendor risk management program in your organisation.