Vendor risk management, also called supplier risk management or third party risk management, describes the efforts of managing the risks posed by the companies who sell you products and services. For the most part, this risk management discipline uses assessments, collects information periodically, and involves external rating providers. With this process, you qualify and on-board vendors, and create snapshots of their status. Equipped with this data, you are able to ensure that these third parties meet and maintain the base requirements set by your organization, for example on data security, cyber, compliance and financial health.
The data offers an excellent foundation for building a vendor risk profile – but it is not enough. For a total view of risk, you have to manage events unfolding in real time. You need to identify, assess and mitigate the risks posed by your vendors or other third parties.
Download this whitepaper to learn:
What the three phases of the risk management lifecycle are
How to assess the risk impact and general criticality
Why action plans help you successfully mitigate risk and build resilience