Third-Party Risk Management

Third-Party Risk Management Best Practices Program

ProcessUnity's Complete, Comprehensive & Proven Program to Reduce Third-Party Risk

ProcessUnity Third-Party Risk Management

ProcessUnity Vendor Risk Management (VRM) protects companies and their brands by reducing risks from third-party vendors and suppliers. Combining a powerful vendor services catalog with risk process automation and dynamic reporting, ProcessUnity VRM streamlines third-party risk activities while capturing key supporting documentation that ensures compliance and fulfills regulatory requirements. ProcessUnity VRM provides powerful capabilities that automate tedious tasks and free risk managers to focus on higher-value mitigation strategies.

Third-Party Risk Management Best Practices

Best Practice Program for ProcessUnity Vendor Risk Management is a pre-configured third-party risk program with turn-key workflow, assessments, calculations, risk analysis and reporting. Developed by Third-Party Risk Management subject matter experts and perfected via hundreds of successful customer implementations, Best Practice Program delivers a complete, “out-of-the-box” program with a high-quality, systematic and repeatable assessment process that improves communication between lines of business, third-party risk analysts and third-parties to ultimately drive risk out of an organization. The low-touch, low-cost implementation gets customer programs up and running in no time. As a program changes and matures, customers can modify the pre-defined processes, calculations, roles and workflows via ProcessUnity’s unparalleled platform configuration capabilities.

Third-Party Risk Best Practices

Personal Dashboard

Monitor and track your program status with a configurable dashboard and real-time updates.

Third-Party Risk Management Best Practices Dashboard

Third-Party Risk Best Practices

Third-Party Request

Document key vendor data to expedite third-party requests, track status through closure and standardize onboarding processes.

Third-Party Risk Management Vendor Request

Third-Party Risk Best Practices

Service Review Scheduler

Schedule automatic service reviews and performance evaluations based on inherent risk scores.

Third-Party Risk Management Assessment Schedule

Third-Party Risk Best Practices

Assessment Review Report

Review vendor responses by priority level via automated preferred responses and yearly aggregate response comparison; create and track issues directly within the report.

Third-Party Risk Management Assessment Review Report

Workflows & Assessments

Pre-configured workflows establish the repeatable processes necessary for effectively managing third-party risk – from initial service identification and onboarding through contracts, ongoing vendor monitoring and offboarding. 

Included workflows: 

Onboarding Request Workflows Capture a new service request, automatically determine inherent risk, perform due diligence, manage issues and track contract data.

Ongoing Monitoring Workflows – Conduct periodic service reviews to monitor inherent risk changes, remediate issues, monitor vendor performance against KPIs and maintain a schedule for ongoing due diligence.

Third-Party Risk Management Ongoing Monitoring Workflow

Offboarding Workflows – Securely offboard third parties and ensure sensitive data is safely transitioned in a compliant manner.

Third-Party Risk Management Offboarding Workflow

Automated questionnaires end inefficient paper surveys and spreadsheets and simplify the assessment process for both organizations and their partners. Employing industry-standard questionnaires from Shared Assessments (SIG Core and SIG Lite) further streamlines the vendor assessment process.  

Easy to read reports of assessment results, third-party summary reports and program-level reporting help demonstrate program status to key stakeholders. 

Calculations & Scoring

ProcessUnity’s Best Practice Program provides built-in calculations, rating tiers, scoring and other logic critical to an automated third-party risk program, including:

  • Inherent Risk – Determine inherent risk based on responses to a pre-determined set of questions sourced from recommendations by the Office of the Comptroller of the Currency (OCC) and other governing bodies.
  • Automated Scoping – Based on the inherent risk score, ProcessUnity calculates the breadth and depth of the questions required for the third-party assessment.
  • Assessment Review Rating – Every external assessment receives a score calculated based on the number of high and medium severity issues identified.
  • Residual Risk – Determine control effectiveness based on a third party’s inherent risk rating and most recent assessment review rating.
  • Ongoing Monitoring Schedules – The risk methodology automatically determines ongoing due diligence frequency – annually, biennially or triennially.
  • Issue Remediation – Issues identified during assessment analysis are assigned a severity rating. Based on the severity, the issues are assigned a remediation schedule.
  • Preferred Responses – Preferred/non-preferred response calculations allow analysts to quickly make business decisions during due diligence reviews.
  • Performance Management – Centralize and track year-over-year trend analysis of vendor performance evaluations to better manage vendor relationships.
  • Geographic Risk – Automatically flag pre-determined domestic, foreign or sanctioned third-party services based on the organization’s unique criteria or published lists such as OFAC.
  • Key Performance Indicators (KPIs) – Benchmark and track key performance indicators throughout onboarding third-party services, assessment completion and issue management.

Vendor Portal

ProcessUnity’s Vendor Portal provides third parties with a secure, online environment to complete questionnaires, provide responses and comments, and attach supporting documentation. An easy-to-use interface, combined with instructions and guidance, improves vendor response time and response quality.

Interactive Dashboards & Reports

Built-in reports provide real-time visibility into the state of third-party risk and demonstrate to key stakeholders the existence of a consistent, reliable and repeatable program. Trend analysis monitors and manages changes in vendor performance with a side-by-side comparison of historical vendor responses. Interactive dashboards give visibility into ongoing risk assessment progress, the status of remediation activity and vendor risk ratings. Drill-down capabilities allow risk managers to quickly find the details in areas of concern.  

Best Practice Program contains a comprehensive library of pre-built reports to track critical vendor and service-risk information. Extensive custom reporting capabilities allow third-party managers to create management-level reports and individual dashboards through a simple-to-use interface. With ProcessUnity, organizations gain program-level reporting that manual methods simply cannot provide. 

Hundreds of organizations worldwide rely on ProcessUnity to make Vendor Risk Risk Management more effective and efficient. Schedule your personalized demo of our award-winning software and start your journey to a more mature, automated vendor risk management program today!

Request a Demo: ProcessUnity Vendor Risk Management

Third-Party Risk Management Software Demonstration