Pandemic Questionnaire Guidance & Vendor Assessment Content for Third-Party Risk Teams

2 minute read

May 2020

Before the emergence of COVID-19, third-party risk management programs were executing in a business-as-usual mode, dealing with onboarding, due diligence and ongoing monitoring activities.

With COVID-19, business leaders are now working together to assess the potential impact and lay out contingency plans – from instituting work-at-home policies, to reprioritizing projects and establishing financial resiliency timelines.

These activities shift the focus for third-party risk management teams to a triage approach, where they systematically prioritize impact areas, understand their highest risk functions and apply change that will help to weather the storm.

Supplemental risk assessments – like a pandemic questionnaire – can help risk management teams to quickly gain answers to critical questions about the health of third parties to aid in making the decision on where resources and focus should be directed.

Supplemental risk assessments for third parties should include questions related to the following risk areas:

Concentration Risk

Concentration risk is a term describing the level of risk arising from concentration to a single fourth party, or location. The risk arises from the observation that more concentrated products/services are less diverse and therefore more at risk from a single event.

COVID-19 Importance – Third parties and fourth parties could be in high-impact zones and be unable to provide continuous products/services.

Geo-Political Risk

Geopolitical risk is commonly defined as the risk of one country’s foreign policy influencing or upsetting domestic political and social policy in another country or region, but its scope is much wider. Geopolitical concerns include military conflicts, civil wars, terrorist attacks, riots, sanctions, etc.

COVID-19 Importance – Border restrictions, government policies and trade impacts make cross-border products/service delivery more difficult.

Financial Risk

Financial risk derives from the financial health of a third party, reflecting its ability to remain operational and deliver contracted products/services. The risk can be difficult to identify within private organizations but is an important indicator of financial solvency.

COVID-19 Importance – Financial resiliency plans typically are correlated to timelines and the health of the overall economy. Pauses in financial markets can weaken third and fourth-party ability to sustain operations.

Resiliency Risk / Business Continuity Risk

Business resilience is the ability an organization has to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets and overall brand equity.

COVID-19 Importance – Instituting work-from-home policies and continuity plans are essential to handle event-driven business disruptions.

Quickly Assess Vendor Populations with ProcessUnity’s Third-Party Pandemic Questionnaire

ProcessUnity has developed a set of questions in line with the above risk areas that quickly assess and gather relevant, event-driven information on an organization’s partner network and supply chain. It can be used as a reference point to develop your own pandemic-response questionnaire or as a ready-to-send survey to vet your critical and high-risk vendors.

Download ProcessUnity’s Third-Party Pandemic Questionnaire to open lines of communication with key vendors and help protect against potential interruptions in product or service delivery during COVID-19.

Note: No registration or personal information is required to download the questionnaire.

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit