Getting started with Third Party Risk Management (previously ThirdPartyBond)
The Third Party Risk Management (previously ThirdPartyBond) solution has a pre-configured set of components to help you set up the TPRM environment quickly.
Installing Third Party Risk Management (previously ThirdPartyBond)
Once you obtain a subscription to Third Party Risk Management (previously ThirdPartyBond), your Diligent representative takes care of installing the program, setting up the workflows, user roles, and assessments.
Third Party Risk Management (previously ThirdPartyBond) supports two assessment versions:
- CAIQ Lite assessments
- SIG Lite assessment
You can work with your Diligent representative to ensure that you have subscribed to and have access to the right version of Third Party Risk Management (previously ThirdPartyBond) for your organization.
What gets installed?
When Third Party Risk Management (previously ThirdPartyBond) is installed and configured in your environment, you get the following:
- A third-party asset type that acts as a container to hold all your third-parties
- Workflow states that you can use to track different stages of your third-party life cycle
- Attributes to store information
- Questionnaires to categorize and assess the risk associated with each third-party
Integrating with BitSight
If you have a BitSight subscription, you can integrate it with Third Party Risk Management (previously ThirdPartyBond) to pull and display the security ratings for your third-parties. You can work with your Diligent representative to set up your BitSight integration.
Prerequisites
- An active BitSight subscription
- BitSight token
- BitSight GUID corresponding to each third-party
- Subscription to Third Party Risk Management (previously ThirdPartyBond)
Users and permissions
All users in Third Party Risk Management (previously ThirdPartyBond) get the Analyst or Manager role and full access to all components of Third Party Risk Management (previously ThirdPartyBond). However, to segregate user actions, they can be broadly segregated into 3 types.
User | Responsible for |
---|---|
Risk Manager | Onboarding and progressing third-parties through different stages of the workflow |
Business Owner |
|
Third-party Owner | Responding to risk assessment |
What's next?
Once you have Third Party Risk Management (previously ThirdPartyBond) up and running in your environment, you can navigate to your Third-party Asset Inventory to onboard third-parties and start managing life cycles. For more information, see Managing third-party assets.