Getting started with Third Party Risk Management

The Third Party Risk Management (previously ThirdPartyBond) solution has a pre-configured set of components to help you set up the TPRM environment quickly.

This solution requires a subscription to Third Party Risk Management.

Installing Third Party Risk Management

Once you obtain a subscription to Third Party Risk Management, your Diligent representative takes care of installing the program and setting up the workflows, user roles, and assessments.

Third Party Risk Management supports two assessment versions:

  • CAIQ Lite assessments
  • SIG Lite assessments

You can work with your Diligent representative to ensure that you have subscribed to and have access to the right version of Third Party Risk Management for your organization.

What gets installed?

When Third Party Risk Management is installed and configured in your environment, you get the following:

  • A third-party asset type that acts as a container to hold all your third-parties
  • Workflow states that you can use to track different stages of your third-party life cycle
  • Attributes to store information
  • Questionnaires to categorize and assess the risk associated with each third-party

Integrating with BitSight

If you have a BitSight subscription, you can integrate it with Third Party Risk Management to pull and display the security ratings for your third-parties. You can work with your Diligent representative to set up your BitSight integration.

Prerequisites

  • An active BitSight subscription
  • BitSight token
  • BitSight GUID corresponding to each third-party
  • Subscription to Third Party Risk Management

Users and permissions

All users in Third Party Risk Management get the Analyst or Manager role and full access to all components of Third Party Risk Management. However, to keep user actions separate, users can be broadly grouped into three types.

| User | Responsible for |
|---|---|
| Risk Manager | Onboarding and progressing third-parties through different stages of the workflow |
| Business Owner | Responding to categorization assessment; reviewing and approving risk ratings |
| Third-party Owner | Responding to risk assessment |

What's next?

Once you have Third Party Risk Management up and running in your environment, you can navigate to your Third-party Asset Inventory to onboard third-parties and start managing life cycles. For more information, see Managing third-party assets.