Third Party Risk Management

A recommended approach to managing third-party risk, using the Third Party Risk Management (previously ThirdPartyBond) solution in Diligent One.

This solution requires a subscription to Third Party Risk Management (previously ThirdPartyBond).

Third-party risk management overview

Third-party risk management (TPRM) involves controlling risks that may arise from outsourcing business activities to third parties, such as partners, government organizations, service providers, and vendors. Doing business with third parties poses risks and challenges, such as granting access to sensitive information, conducting periodic audits, and managing compliance and security risks.

Challenges and opportunities

A TPRM program helps to analyze, categorize, and monitor risks arising from associations with third parties. Implementing and maintaining a successful TPRM program often requires experts to analyze the different areas of risk posed by third parties and create controls and remediation plans for each. They need to establish:

  • relevant assessments to validate risks
  • workflows to monitor the third-party life cycle
  • continuous monitoring and reporting of progress
  • remediation plans to mitigate risks

How Third Party Risk Management (previously ThirdPartyBond) helps organizations

Third Party Risk Management (previously ThirdPartyBond) is an end-to-end third-party risk management solution in Diligent One that helps automate third-party life cycle management as well as continuously monitor and report on progress and results. It also provides integration with BitSight Security Ratings to use their security rating services. Some key features of Third Party Risk Management (previously ThirdPartyBond) are:

  • Third-party onboarding and classification with automated workflows
  • Out-of-the-box assessment content
  • Integration with security risk rating services
  • Real-time monitoring through storyboards and reports

How it works

The Third Party Risk Management (previously ThirdPartyBond) solution leverages the power of different apps in Diligent One:

  • In Asset Inventory, you can create and manage your third-party assets, generate assessments, and distribute them to respondents so a Workflow robot can automatically assign criticality and risk levels using their answers. You can use this app to control the entire life cycle of your third-party assets.
  • In Robots, you can use Workflow robots to automatically bring asset and record data into results tables.
  • In Results, you can view information about your third-party assets in one place and identify remaining action items.

You'll learn more about this workflow in this guide, including what happens if you need to re-assess or archive your asset.

Third-party risk management solution guides