THIRD PARTY RISK MANAGEMENT (TPRM)

DoubleCheck TPRM guides you every step of the way. By answering some straightforward profiling questions DoubleCheck TPRM identifies what kind of documentation is necessary to assess the risk associated with that third party. The parameters of service must be expressed in terms of potential risk.  Will the third party need access to company data?  Will they store any of it locally within their enterprise? Or in a cloud? Will they require access to your company’s internet? Internal network? Servers? Data Stores?  Other?  How will the third party’s users authenticate?  Who will manage and control authentication? Whose authentication practices will govern changes when staff change roles or depart? How will you know? How will issues or incidents be reported?  Has the third party had any history of data incidents? Privacy issues?  Regulatory problems? And more. The system comes with pre-configured forms, including an IT assessment, for you to use or modify as appropriate. The software allows you to specify custom requirements or policies for third parties to respond to – assuring you have all the right information matched to the right risk concerns.

As information is gathered, DoubleCheck TPRM manages subject matter experts’ review of accumulated documentation and, based on the evidence provided, determination is made on the level of risk associated with that third party. Should additional actions be necessary, the system automatically creates and automates follow-up communications on action items, assuring key follow-ups are not forgotten. You will always have current status information at your fingertips via simple screen arrays available right out of the box.

As documents expire, the system automatically initiates appropriate reviews and collection of current evidence, assuring each third party’s data remains valid, up-to-date, and relevant, assuring your ability to maintain awareness of current residual third party risk while operating in a dynamic business environment. TPRM is a cyclical and continuous process, requiring the coordination of multiple refresh cycles across different third parties with differing risk profiles. Automation is a vital tool to managing them all with efficiency and economy.

Great data enables top-quality intelligence and reporting! DoubleCheck’s TPRM Essentials, offers real-time reports of overall status as well as individual third party scorecards. With these tools and reports, management can quickly and clearly see the big picture and the critical issues, while operating staff can efficiently and effectively assure your third parties are in fact, reliable partners.

Seeking to integrate risk, audit, compliance and control information across business and its relationships? With DoubleCheck GRC Suite, you’ll be able to manage and understand your enterprise risks (including third party risks), assure compliance with appropriate laws and standards, formally audit activities as appropriate, sharing (only) relevant information across the GRC functions.