hero-bg

Third-Party Risk Management Resources Kit

Managing third-party risk can be challenging — especially when you’re strapped for time and resources. This free third-party risk management resources kit simplifies the process with essential tools and resources you’ll need to identify, prioritize, and mitigate third-party risk, including policy templates, checklists, and more.

What’s in the third-party risk management kit:

  • Third-party risk management policy template
  • Vendor risk management checklist
  • Supply chain risk management policy template
  • Risk assessment template
  • Business continuity plan template

Third-party risk management policy template

A third-party risk management policy establishes controls and processes for managing security risks that are introduced by third parties. Use this template to help build a solid foundation for managing your third-party relationships, whether you’re creating a third-party risk management policy for the first time or looking to strengthen your current policy.

What's included:

  • A complete, auditor-approved template that's easy to tailor to your organization
  • Prompts to establish strong controls and processes for managing third-party security risks

Vendor risk management checklist

A vendor risk management program should put formalized processes in place for managing risk throughout the entire vendor lifecycle, from vendor risk assessments to continuous monitoring. Follow these steps to to implement an effective vendor risk management program at your organization.

What’s included:

  • A clear breakdown of steps your organization needs to take to manage vendor risk
  • An easy way to keep your efforts organized with categorized tasks

Supply chain risk management policy template

A supply chain risk management policy is designed to define and support the protection and controls of supply chain procedures and processes. Download this customizable policy template to build out your policy library.

What’s included:

  • A complete, auditor-approved supply chain risk management template
  • Prompts to specify roles and responsibilities and what supply chain risk management capabilities will be implemented

Risk assessment template

Risk assessment is a process for identifying risks to organizational operations, assets, and individuals and assessing the likelihood they will occur and the harm that would arise if they did occur. Use the template below as a starting point for assessing risks. It is tailored for non-adversarial risk, but you can use it to assess adversarial risk by replacing “range of effects” with “threat source characteristics.”

What’s included:

  • A built-in risk matrix to identify and prioritize risks
  • A section to assign specific risk treatment and risk owners to each threat

Business continuity plan template

A business continuity plan can help assist an organization in resuming operations and services as quickly as possible during a crisis. Use this template to begin identifying the risks, critical elements, mitigation actions, and preparedness strategies that will make up the basic components of your business continuity plan.

What’s included:

  • A step-by-step guide through the major planning steps for building a simple but effective plan to minimize damage and speed up the resumption of office operations after a crisis.
  • Prompts to identify the most critical elements of your organization, their resource requirements, and how their recovery should be prioritized