TPRM Lifecycle Phases Flashcards
TPRM Info
Third Party Risk Management (TPRM) is the framework of policies and procedures, controls, and oversight established to identify and address risks imposed upon an organization by its third parties. To ensure third parties are operating securely and effectively, by adequately monitoring and mitigating risks related to the data and/or processes that have been outsourced, an organization must have in place an effective TPRM program. Customers, board members, and regulators often expect that organizations have mature TPRM programs in place.
TPRM Lifecycle
P.P.C.C.D.C
Six Phases:
1. Planning & Oversight
2. Pre-Contract Due Diligence
3. Contract Review
4. Continuous Monitoring
5. Disengagement
6. Continuous Improvement
Planning & Oversight
Provides an organization with the foundation to build upon and properly support its overall program.
Pre-Contract Due Diligence
Ensures the organization performs due diligence, commensurate with the level of inherent risk, prior to signing a contract, to determine if the organization should proceed with a specific third party relationship and to ensure business needs will be met.
Contract Review
Ensures the organization documents relationship expectations in an agreement that can be upheld in a court of law. It also ensures risks noted within the due diligence process can be addressed within contractual clauses.
Continuous Monitoring
Requires the organization to assess third party risk on a continual basis to ensure contract terms, business obligations, legal and regulatory requirements, and performance expectations are met.
Disengagement
Ensures the organization is able to transition away from a third party with minimal impact should the relationship end due to contract expiration or when adverse/unplanned conditions are met.
Continuous Improvement
An ongoing activity which seeks to enhance the organization’s TPRM program as third party risk management guidance, trends, and techniques are realized.