Stand up a third-party risk program
Create a risk initiative, attach a third-party framework with fourth-party and monitoring objectives, onboard vendors, tier them by criticality, assign accountability, and run risk-based assessments.
Overview
Build a tiered, owned third-party risk program from framework to live register.
Step-by-step
1. In the sidebar, open 'Posture Management' then 'Risk Management' and click 'New Initiative'.
2. Select or create a Third Party framework. When building one, add the Third-Party Management objective for fourth-party exposure and the Continuous Monitoring objective for monitorable assets.
3. On the Delegate step, set the program owner and business sponsor, and use 'Link custom frameworks' to attach the third-party framework. Submit.
4. Open the initiative and go to the Register tab. If it shows 'A custom framework is required', use 'Attach to a risk initiative' or 'Create a custom framework'.
5. Click 'Onboard Third Party' and add your vendors one by one or by uploading an Excel file in bulk.
6. Click 'Manage' on each vendor to set the owners, relationship manager, business sponsor, lifecycle stage, tier, and review cadence.
7. Tier vendors by criticality so assessment depth and review frequency scale with risk, then send assessments to the highest tiers first.
8. Watch the register populate by risk band and tier, and review the Tiers view for coverage and the tier-by-risk matrix.
Related articles
- Third-Party Program: Onboard and tier your vendors. Bring the vendor population into the register and classify it by criticality and tier.
- Third-Party Program: Run vendor reassessment at scale. Keep a large vendor population current with cadence-driven reassessment.
- Third-Party Program: Monitor vendors continuously. Move beyond point-in-time assessment to continuous monitoring of vendor assets.
- Third-Party Program: Manage fourth-party and concentration risk. See your extended supply chain and where a single provider could take down many vendors.