Vendor-Provided Resources

Third-party risk management (TPRM) governance documentation is the foundation for managing vendor relationships. The policy, program, and procedures define the rules, requirements, and expectations for your organizations TPRM program.

This eliminates ambiguity, clarifies stakeholder responsibility, and provides practical instructions for carrying out TPRM processes. These key documents are essential for any third-party risk management program.

Download the infographic to learn:

• What each document is

• The key elements of each document

• Important items to include in each document

High-risk and critical vendors require the most oversight in third-party risk management. While they're often treated interchangeably in organizations, there are several key differences between them.

Most critical vendors are high risk, but not all high-risk vendors are critical. To manage high-risk and critical vendors most effectively, it's important to understand the differences and know how to identify them.

Download the infographic to learn:

• High-risk vs critical vendors

• How to identify high-risk and critical vendors

• Examples of high-risk and critical vendors

Evolving vendor risks, new regulatory expectations, and dwindling budgets bring
challenges to vendor risk management (VRM) programs. Maintaining a successful VRM program can feel like an uphill battle, but with the right strategy your organization can establish a set of processes and procedures to effectively manage vendor risk. 

By incorporating the six elements outlined in the eBook, you can set your vendor risk management program up for success.

Download the eBook to learn:

• Six VRM elements to implement

• Tips to make each element successful

• Considerations to improve your VRM processes

Managing your vendor's performance is a critical step to ensure the vendor is following expectations and delivering products and services to your organization's standards. To accurately measure a vendor's performance, it's important to understand key metrics and strategies to track them. 

This toolkit covers strategies to create and maintain vendor performance metrics and how to use vendor scorecards to track and measure vendor performance. You'll also learn key steps to monitor a vendor's performance over time and how to address issues.

Download this toolkit for:

• eBook: How to develop vendor metrics, service level agreements, key performance indicators, and key risk indicators

• Template: An example of a vendor performance scorecard to use

• Infographic: Steps to monitor vendor performance and how to address issues

Effective third-party risk management requires organizations to identify third-party risks and take steps to mitigate them. But what if those risks change? What if there are new risks that weren't identified at the beginning of the third-party relationship? 

To stay on top of the ever-shifting third-party risk landscape, it's crucial for organizations to monitor risk on an ongoing basis. This isn't just a one-time process, but rather a series of activities that vary based on the third party's risk. 

Download the eBook to learn:

• Key onboarding activities to know before monitoring

• Questions to determine ongoing monitoring requirements

• Periodic and ongoing monitoring activities

• Roles and responsibilities for ongoing monitoring

• Best practices and helpful tips for implementing and improving ongoing monitoring

Mapping out your annual budget for your third-party risk management program can be challenging, especially if goals are unclear, there are competing priorities, or a lack of support from senior leadership. Developing a budget roadmap is one way to tackle these challenges by assessing your program's current status, how resources are used, and the resources needed to mature. 

This eBook will help you understand what to consider when estimating your third-party risk management budget, how to identify what resources are needed, and how to create a budget roadmap. 

Download the eBook to learn:

• Questions and examples to estimate your budget

• Benefits of a third-party risk management budget roadmap

• How to create a budget roadmap and best practices

Whenever your organization partners with a third-party vendor, it’s important to set certain quality standards for the product or service you’re purchasing. If your vendor isn’t meeting those standards, your organization could be dealing with issues like decreased productivity, added expenses, operational disruptions, and reputational damage. 

A vendor’s performance must be closely monitored and tracked to ensure it remains at the expected level outlined in the service level agreement (SLA). Tracking your vendor’s performance through key performance indicators (KPIs) helps ensure the vendor is meeting its SLA, which is an important element in managing third-party risk. 

Download the eBook to learn:

• How to use SLAs and KPIs in your third-party risk management program

• How to align SLAs and KPIs

• Tips and examples for effective SLAs and KPIs

Unlock the future of risk management with Supply Wisdom's DORA eBook! Dive into this essential guide that explores the transformative impact of the Digital Operational Resilience Act on banks, financial institutions, and ICT service providers.

Discover how to enhance your third-party risk management strategies while navigating compliance with ease. With a unified framework and clear legal guidelines, this eBook is your key to mastering data management, securing your supply chain, and staying ahead of cyber threats.

While most third-party risk management professionals understand it's essential to address and manage vendor risk, one crucial activity can be confusing or even neglected – ensuring vendors carry appropriate insurance coverage. Many organizations don't have the necessary knowledge on vendor insurance policies and coverage amounts.  

Understanding insurance can be challenging, as it involves navigating a range of state-specific regulations, complex policy language, and a wide range of coverage options. How can organizations better align their use of vendor insurance coverage as an actual risk mitigation technique?  

Download this eBook to learn:  

• Basic vendor insurance terms to know  

• Common commercial insurance types  

• Examples of which vendors should carry each insurance type  

• Vendor insurance considerations 

It's a common scenario... An organization neglects to track contract expiration dates only to realize too late, and the end date is only a few days away. The lack of preparation leaves very little time for negotiating or modifying the contract or identifying alternative vendors if needed.  

Mid-term vendor contract reviews are an effective way to ensure vendors continue to deliver their products and services as expected and that both parties are satisfied with the partnership.  

Download the infographic to learn:  

• What a mid-term contract review is  

• Benefits of performing a mid-term contract review  

• Questions to ask during the review  

• Best practices 

The Third Party Risk Management Maturity Model is designed to help   companies assess their TPRM programs' maturity and determine their program   roadmaps. We'll be adding practical guides and resources to this page. If you have any recommended resources send them our way at info@locktivity.com!

A vendor experiencing poor financial health may feel the pressure to cut expenses, which then can affect operations, security, and more. Since contracts and service level agreements (SLAs) are often used to ensure quality standards in a vendor’s products and services, they can also be valuable tools in addressing a vendor’s poor financial performance.

Learn strategies and tips to help your organization use relevant contract language and SLAs to address a vendor’s poor financial health.

Download the infographic to learn:

• The consequences of poor vendor financial health

• Contract and SLA strategies to address poor financial health

• Tips to help you mitigate the risks