THIRD PARTY RISK MANAGEMENT (TPRM)
Cost Effective Tools for Minimizing Third Party Risk
DoubleCheck’s Third Party Risk Management (TPRM) provides a central location for vendor assessments including risk evaluations, compliance checklists and tools to evaluate vendor performance relative to your organization’s objectives.
Third Party Risk Management (TPRM) Software
Third Parties – Vendors, Suppliers, Partners, Consultants – all are critical to your business’ success. You count on their services, and, when they fail to perform, risks become events – supply chain disruptions, system downtime, data breaches, lost revenue, and compliance issues can materially impact your firm’s reputation, customer satisfaction, and profitability.
DoubleCheck TPRM Essentials provides a straightforward, structured process to manage third party risk, helping you determine and assess critical risks, manage the acquisition and flow of evidence to determine current states and remediation needs, monitor expert internal reviews, and conduct remediation where needed to assure you have control of this important component of your risk management process. Rich reporting and publication capabilities assure management will have ready access to current status, and important issues are clearly presented in context to their significance.
Watch TPRM Video
How It Works
Access to Dun and Bradstreet's World-class TPRM data
You start by adding a third party to DoubleCheck TPRM and by providing some basic information. Then, a fully integrated seamless interface to Dun & Bradstreet’s proprietary databases matches that third party; key information is gathered and populates your records automatically, including financial stability and status on the US government’s lists of businesses of concern.
Confidence that proper documentation is identified and collected
DoubleCheck TPRM guides you every step of the way. By answering some straightforward profiling questions DoubleCheck TPRM identifies what kind of documentation is necessary to assess the risk associated with that third party. The parameters of service must be expressed in terms of potential risk. Will the third party need access to company data? Will they store any of it locally within their enterprise? Or in a cloud? Will they require access to your company’s internet? Internal network? Servers? Data Stores? Other? How will the third party’s users authenticate? Who will manage and control authentication? Whose authentication practices will govern changes when staff change roles or depart? How will you know? How will issues or incidents be reported? Has the third party had any history of data incidents? Privacy issues? Regulatory problems? And more. The system comes with pre-configured forms, including an IT assessment, for you to use or modify as appropriate. The software allows you to specify custom requirements or policies for third parties to respond to – assuring you have all the right information matched to the right risk concerns.
Verification that evidence and documentation is up-to-date
As information is gathered, DoubleCheck TPRM manages subject matter experts’ review of accumulated documentation and, based on the evidence provided, determination is made on the level of risk associated with that third party. Should additional actions be necessary, the system automatically creates and automates follow-up communications on action items, assuring key follow-ups are not forgotten. You will always have current status information at your fingertips via simple screen arrays available right out of the box.
Assurance that documentation is consistently reviewed and updated
As documents expire, the system automatically initiates appropriate reviews and collection of current evidence, assuring each third party’s data remains valid, up-to-date, and relevant, assuring your ability to maintain awareness of current residual third party risk while operating in a dynamic business environment. TPRM is a cyclical and continuous process, requiring the coordination of multiple refresh cycles across different third parties with differing risk profiles. Automation is a vital tool to managing them all with efficiency and economy.