Skip to content

Third-party risk management

Vendor risk management.

Why and how to build an effective third-party vendor risk management program.

Key information and topics covered 

The days of blaming issues with a third party for your troubles are long gone. Identifying, assessing, and managing the risks associated with your vendors, third parties and related supply chains third-party risk management, or TPRM is now expected as part of any organization's risk management program.

Third parties can include vendors, contractors, consultants, suppliers, service providers, agencies and more. Vendors are just one type of third party, but they are generally the most important. While the principles in this eBook can often be applied to other third parties, the focus is on vendor risk management (VRM).

An effective vendor risk management program offers numerous benefits to organizations, which can be grouped into three categories:

  • Improved risk management and resilience, including avoiding supply chain disruption
  • Efficiency and cost savings
  • Enhanced visibility, including regulatory compliance

There are clear advantages to the business in all three areas, ranging from direct cost savings to the avoidance of costly unexpected failures and potential regulatory non-compliance. Effective third-party risk management is critical to other key risk and resilience topics that are increasingly important focuses for regulators particularly operational resilience and business continuity management.

The lifecycle of vendor risk management involves three main stages onboarding, ongoing monitoring and offboarding. Each of these can be broken down into specific phases to gain a full understanding of your organization's requirements.

This eBook provides a detailed step-by-step guide to the stages required to build an effective vendor risk management program.


What you will learn 

  • The drivers and benefits of vendor risk management.
  • The third-party risk management lifecycle, and the steps to implement a comprehensive vendor risk management program.
  • Tools, technologies, and best practices to overcome the challenges associated with implementing a vendor risk management program.
  • How your vendor risk management program ties into your operational resilience and business continuity management programs.
  • The key steps required to establish an effective third-party vendor risk management program in your organization.