Third Party Risk Management
A recommended approach to managing third-party risk, using the Third Party Risk Management (previously ThirdPartyBond) solution in Diligent One.
Third-party risk management overview
Third-party risk management (TPRM) involves controlling risks that may arise from outsourcing business activities to third parties, such as partners, government organizations, service providers, and vendors. Doing business with third parties poses risks and challenges, such as granting access to sensitive information, conducting periodic audits, and managing compliance and security risks.
Challenges and opportunities
A TPRM program helps to analyze, categorize, and monitor risks arising from associations with third parties. Implementing and maintaining a successful TPRM program often requires experts to analyze the different areas of risk posed by third parties and create controls and remediation plans for each. They need to establish:
- relevant assessments to validate risks
- workflows to monitor the third-party life cycle
- continuous monitoring and reporting of progress
- remediation plans to mitigate risks
How Third Party Risk Management helps organizations
Third Party Risk Management is an end-to-end third-party risk management solution in Diligent One that helps automate third-party life cycle management and continuously monitor and report on progress and results. It also integrates with BitSight Security Ratings so that you can use its security rating services. Some key features of Third Party Risk Management are:
- Third-party onboarding and classification with automated workflows
- Out-of-the-box assessment content
- Integration with security risk rating services
- Real-time monitoring through storyboards and reports
How it works
The Third Party Risk Management solution leverages the power of different apps in Diligent One:
- In Asset Inventory, you can create and manage your third-party assets, generate assessments, and distribute them to respondents so a Workflow robot can automatically assign criticality and risk levels using their answers. You can use this app to control the entire life cycle of your third-party assets.
- In Robots, you can use Workflow robots to automatically bring asset and record data into results tables.
- In Results, you can view information about your third-party assets in one place and identify remaining action items.
You'll learn more about this workflow in this guide, including what happens if you need to re-assess or archive your asset.