9 Tips For Conducting Third-Party Risk Assessments (Infographic)

Call Us

EnglishEMEA + APAC / EnglishFrançaisDeutschItalianoEspañol
1-866-297-0224

Header Menu

Blog
Careers
Customer Support

Your Training Plan

NAVEX Global

ProductsExpand
Ethics & Compliance Platform
The NAVEX One platform is an automated ethics and compliance solution that includes a suite of complementary solutions.

Learn More

Lockpath Integrated Risk Platform
NAVEX Global’s Lockpath is a powerful, flexible, integrated GRC platform that enables integrated risk management and is built to scale.

Learn More

Environmental, Social & Governance Solutions
NAVEX ESG helps organizations remove the complexity and confusion of managing multiple sustainability efforts.

Learn More

Ethics & Compliance Management
+− Submenu
Policy & Procedure Management

Code of Conduct

Ethics & Compliance Training
+− Submenu
Awareness Solutions

Course Library

Create a Custom Training Plan

Hotline & Incident Management

Disclosure Management

Third Party Risk Monitoring & Screening

Analytics & Benchmarking
+− Submenu
Industry Benchmarking

Dashboard Analytics

Integrated Risk Management
+− Submenu
Business Continuity Management

Privacy, Risk & Compliance Management

Third Party Risk Management

Health and Safety Management

IT Risk Management

Operational Risk Management

Environmental, Social and Governance Management
+− Submenu
ESG Framework Management

Environmental Sustainability Management

Responsible Supply Chain Management

Conflict Minerals Management
SolutionsExpand
Download

Download

Download

Download

By Issue
+− Submenu
Diversity & Inclusion

Business Continuity

Data Privacy

Bribery & Corruption

Harassment & Discrimination

Retaliation

Conflicts of Interest

Cyber Security

Regulatory Compliance

Organizational Culture

Corporate Fraud

Managing Third Parties

Compliance & Policy

Health and Safety

IT Risk

Operational Risk

By Role
+− Submenu
Risk & Compliance

Legal & Risk

Human Resources

Board of Directors

Audit

Quality Control

IT

Procurement & Supply Chain

By Industry
+− Submenu
Healthcare

Financial Services

Manufacturing

Energy & Utilities

Food and Beverage

Government

Insurance

Life Sciences

Retail

Technology

Transportation & Logistics

By Regulation
+− Submenu
CCPA

FCPA

SOX

GDPR

HIPAA

ISO 27001

NERC CIP

NIST CSF

NYDFS

OSHA

PCI DSS

DOJ Corporate Compliance

EU Whistleblower Directive

UK Modern Slavery Act

UK Bribery Act

Sapin II
PricingExpand
ServicesExpand
Professional Services

Customer Success
+− Submenu
Implementation Services

NAVEX Global Community
ResourcesExpand
Benchmark Reports

Definitive Guides

White Papers

Case Studies

Use Cases

ROI Calculators

Webinars

CPE Credits

Compliance Next

ALL RESOURCES
CompanyExpand
Leadership Team

Partners

In the News

Press Releases

Events

Blog

Working at NAVEX Global

Job Openings
Get In Touch
US + AMERICAS
1-866-297-0224

EMEA + APAC
+44 (0)20 8939 1650

Locations >

Your Training Plan

Understand your risk appetite

Regulatory bodies usually tell you who to assess and how often. However, determining questions to ask in the assessment is frequently left up to you. How do you decide? How might results impact company policies and procedures? Build and test your third-party assessment program internally using questionnaires that reflect your company’s
risk appetite.

Classify your vendors

Develop a method for classifying vendors to identify third parties that are in-scope and require assessments. This helps ensure you don’t assess third parties unnecessarily or miss assessing third parties that pose a risk to your organization.

Improve the data collected

Obtaining data is one of the biggest challenges in managing third-party risk and a high quality assessment is key. To improve the quality of your questionnaires, start with a widely accepted assessment, like the Standard Information Gathering (SIG) questionnaire from Shared Assessments, and tailor it to your specific business needs
and processes.

Make assessments easier to manage

If you do business with a multitude of third parties, you need a way to make assessments easier to manage. Speed up the assessment process by giving all third parties a low threshold assessment with a few flagging questions. For all flagged third parties, send a higher level, deep-dive assessment for due diligence on risk. It’s an easier and often more thorough process for assessing third parties.

Pre-populate your assessment world

Assessments are something you do on a continuous basis and often with the same vendors. If your assessment engine pre-populates data, the entity you’re assessing only has to address changes. It’s less work for them and you, and may even improve the response rate.

Assess for performance, not just risk

With the right platform, you can upload service level agreements (SLAs) and make them part of the assessment process. Compare assessment data to SLAs and then use the analysis to provide feedback to the third party, leverage it in contract renewal, or use it to support switching to another service provider.

Reassess based on third party’s
expanded offering

When third parties expand their services to your company, it changes their risk profiles. One of the best ways to address this is to periodically assess third parties for changes and update risk profiles accordingly. This way, your third-party risk profile is always current.

Look beyond financial risks with third parties

Most organizations assess third parties to manage financial risk. There are other risks to be concerned about like service interruptions and upset customers. Sometimes small risks open the door to more serious consequences. Losing revenue can cause problems, but it is recoverable. Losing your reputation may not be.

Dependency creates a business
continuity risk

Any third party can be a business continuity risk. The litmus test is if their service stopped, it would interrupt yours. Maybe it’s the provider of IT services or a supplier with a key role in the supply chain. Third parties that you’re greatly dependent on can pose business continuity risks that can be identified through a risk assessment.

Lockpath by NAVEX Global assists companies with third-party risk management as part of an integrated risk management program. Contact us to learn more.

LinkedIn Twitter Facebook YouTube

1-866-297-0224

Thank you for subscribing! Please be sure that @navexglobal.com is on your company's safe sender list to ensure our emails reach your inbox!

Select Language & Region

English
English (EMEA)
Deutsch
Italiano
Français
Español

About NAVEX Global

Our Story
Blog
In the News
Press Releases
Events
Careers
Leadership Team

Terms of Service

Modern Slavery Act Statement
Privacy Statement
Terms of Use
Email Subscriptions
Cookie Preferences
English