Understand Exposure and Manage Your Third Party Relationships

DoubleCheck’s Vendor Risk Management Software solutions provide a central location for vendor assessments including risk evaluations, compliance checklists and tools to evaluate vendor performance relative to your organization’s objectives.


Vendor Risk Management Software

You need to manage your third party risks and demonstrate compliance with regulations. DoubleCheck software allows you to evaluate prospective and existing vendors and review their potential risks to your business. You’ll also gather relevant information about each vendor, to be evaluated against defined criteria. Risk evaluations and profiles can be managed within an established tolerance level.

Performance Assessment and Management

The DoubleCheck tools make it easy to regularly assess performance relative to the standards, collect and archive evidence necessary to support performance claims, and assure ownership and closure of any issues. This evidence would typically include contracts with prescribed terms, vendor risk mitigation plans, SSAE-16s, insurance certificates, OFAC review, subcontractor information and other certifications. Your business will have an accurate, up-to-date, real-time view of third party risks and be able to demonstrate compliance to regulators.

Room to Grow

You’d like to bring together risk, audit, compliance and control information across your business and its relationships. With DoubleCheck’s vendor management software you’ll be able to classify vendors based on specific business or industry requirements and vendor operations. You’ll also be able to understand your risk exposure and effectively manage risks across GRC functions.

DoubleCheck Vendor Risk Management Software

Assure your vendors are meeting your standards

Vendors are a critical part of every business, providing products and services that are of better value than the business can deliver on its own. But there is always a question about the vendors – are they performing the work in accordance with the standards my firm requires? Are they keeping our firm’s data safe and secure? Could something happen that could significantly compromise our business or impact our customers?

The best way to assure your vendors – or any third party – are meeting your requirements is to have a formal process of assessing your vendors relative to the nature of work they perform, the information they have and the processes they execute on your behalf and then confirm, on a regular basis, those vendors are meeting your standards. It is often beneficial to also understand the nature of an impact if something were to go awry and what mitigation or remediation actions might be necessary.

The DoubleCheck Vendor Risk Management Software is designed to meet these needs. The system manages a process of evaluating vendors based on a set of defined criteria, determining and gathering information required to assess performance, managing subject matter expert review, scoring results and providing management information in reports and dashboards. With the DoubleCheck solution, your business can have an accurate, up-to-date, real-time view of the risks associated with doing business with a vendor and your subject matter experts’ view of vendor performance.

Assuring that vendors and other third parties are meeting defined standards for data security and integrity, process management and business requirements is essential in managing business risk. The DoubleCheck tools make it easy to regularly assess performance relative to the standards, collect and archive evidence necessary to support performance claims, assure ownership and closure of any issues and clearly demonstrate ongoing compliance.


Here are some common vendor risk management software questions and answers.

Q: How does the vendor risk management process basically work?

A: In simplified form, the standard system follows the process shown below:

A vendor (or any third party) is entered in the system, and basic information is gathered about the vendor. At this point, the vendor is considered “High” risk, because no information is available to suggest otherwise. The system then guides the appropriate staff through a series of questions, which determines if the vendor is critical, material or minor and the extent of potential impact if something were to go wrong with the vendor. Based on that scoring, a defined set of information is identified to be collected and reviewed by appropriate subject matter experts. Following that evaluation, the system proposes a rating which is reviewed and finalized. Then, on a defined schedule – typically annually or when documentation expires – the process is repeated to assure that vendor status is current and reliable. And, of course, at all times dashboards are available and reports distributed to assure all involved are aware of current status. Finally, if there are issues or findings – such as a vendor not meeting standards – the system will assure that finding is assigned to an appropriate person and that resolution is happening in a timely fashion.

Q: Could I change the vendor questions or scoring algorithms? Can I have review and notification processes tailored to my firm?

A: No problem! Our system allows for customizable scoring algorithms and workflows.

Q: Can I tell if a vendor or subject matter expert has not responded? Will the tools remind them?

A: Yes. The system comes with dashboards and reports that tell program status down to the specific response of individuals. The tool has a standard email-based reminder system that will follow up automatically with non-respondents.

Q: Can I ask for more than status? Can I ask for some evidence of performance?

A: Certainly. All data collected is maintained in the system, and is available for review for users with appropriate permissions.

Q: Can I have reports automatically distributed to appropriate managers or executives?

A: Yes. Reports can be automatically run and distributed by email on virtually any schedule. The content of the reports can be filtered to the role of the recipient, so that, for example, a manager will only see status or performance of the vendors he or she is responsible for.

Q: What happens if a requirement is not being met?

A: In the standard system, this involves creating an issue, assigning it to a responsible party, and negotiating an action plan and due date. The system will follow up to assure closure, including collecting any required evidence. Alternatively, the system can be set up to automatically create an issue and notify appropriate parties if a respondent selects a problematic answer.

Effective understanding and management of risks from third parties is essential in modern business – there is simply too much harm that can be done from having business information, customer information or business operations compromised. With the DoubleCheck VRM Solution, you can be assured that your vendors are demonstrating compliance…or else!


DoubleCheck ERM One™

An out-of-the-box tool that delivers an integrated ERM process together with a comprehensive, high-level categorization of exposures (Financial, Core Business, Operational and Strategic), fully loaded with over 60 associated, pre-populated risks to be used as a starting point.