Third Party Risk Management Maturity Calculator
2024 research shows that almost 88% of recent security breaches began with a third party. Is your third-party risk management team ready to take on that challenge?
This TPRM Maturity Calculator offers a quick snapshot of your program. Just answer these 15 quick questions, and we'll share a maturity score, provide some context about how your approach stacks up, and offer resources to help you take the next step.
- We have organizational structures that establish accountability for the oversight of our vendor relationships.
- We have requirements for security provisions that should be included in vendor contracts.
- We have requirements for extension-of-contract obligations to our 4th parties.
- We have a policy that clearly outlines the requirements and objectives of our TPRM Program.
- We have a process to maintain an accurate inventory of vendors.
- We have defined a tiered vendor classification structure based on risk rating or risk category.
- We conduct risk-based assessments using a questionnaire or other documentation like third-party audits and certifications.
- We identify control issues and make recommendations.
- We can easily track remediation plans, review with management and follow up with the vendor.
- We consolidate the issues of vendor assessments and can easily present open risks to management.
- We have sufficient staff to manage vendor risk management activities effectively.
- We can easily produce metrics that communicate our compliance with our program.
- We use technology solutions that leverage AI to manage the vendor risk assessment and remediation process.
- We have access to up-to-date security information on all of our vendors.
- We leverage external data sources to identify security risks or to help us complete assessments.