Third-Party Risk Management

Blog post CENTRL 2018-12-27

Third-Party Risk Management

The CENTRL platform enables companies to identify, manage, assess, and mitigate third-party risks across all stages of the vendor lifecycle. It provides easy-to-use workflows for vendor onboarding, ongoing due diligence, and onsite audits, to streamline risk identification. It also provides integrated workflows to manage and mitigate issues identified during this process. Centralized data of all vendors and granular analytics helps you gain valuable insights, manage exceptions and make better decisions.

Vendor onboarding and segmentation

  • Streamline pre-contract inherent risk analysis of new vendors.
  • Manage inherent risk for each vendor at the engagement, product, and service levels.
  • Segment vendors into multiple tiers based on attributes, such as criticality and inherent risk.
  • Internal company workflow to allow your vendor or business area owners to complete new vendor or onboarding inherent risk assessments.
  • Use inherent risk to define an ongoing due diligence strategy with vendors.

Vendor onboarding

Ongoing assessments and audits

  • Conduct third-party assessments audits, and surveys to monitor risk.
  • Use industry-standard templates such as SIG, AIMA, etc., or digitize proprietary questionnaires.
  • Clarify questions, resolve issues, and collaborate, in one application.
  • Add your own observed answers, if you are conducting all or part of the evaluations on-site.
  • Grade and score third-party responses at the control/sub-control or question level.
  • Create recurring schedules to send assessments periodically.

Risk and issue mitigation

  • Identify and escalate issues from each assessment.
  • Collaborate with vendors and request updates on issue remediation.
  • Capture important details about specific issue severity, resolution recommendations, and issue status.
  • Create action plans, and manage progress from start to completion.

Manage ongoing risk obligations and performance

  • Create risk obligations per vendor engagement, to track ongoing performance.
  • Obligations can be for requesting a document (Financial Statements, Certificate of Insurance, SOC Reports, etc.) or to conduct additional assessments.
  • Aggregate all vendor documents, policies, and information in a centralized location.

Reporting and analytics

  • Portfolio-level dashboards and reports to highlight risks and exceptions.
  • View trends and analyze data across vendors, contracts, and service areas. Drill down capabilities to understand the source of risk and exceptions.
  • Compare Vendor results at a questionnaire, section or control area.

Provide vendors with network-based sharing platform

  • Vendors publish documents and pre-populated DDQs to clients with complete control.
  • Vendors get full workflow to answer questionnaires, respond to clarifications, and provide updates to issues.
  • Vendors can share SLA and performance reports with clients.

Part of the CENTRL suite

  • Simple to use and get started, yet very configurable for vendor attributes, reporting, weights, and scoring rules, for your business needs.
  • Complementary to CENTRL’s Privacy360 - often you will have Vendors that manage sensitive processes areas and data.

Using Vendor360’s your organization can streamline your third-party assessments and gain better control and insight into your extended ecosystem of partners.

Read more about Vendor360, or contact sales about CENTRL’s vendor solutions.

Similar resources

More resources