h1. Bootstrap heading

h2. Bootstrap heading

h3. Bootstrap heading

h4. Bootstrap heading

h5. Bootstrap heading

h6. Bootstrap heading

h1. Bootstrap heading

h2. Bootstrap heading

h3. Bootstrap heading

h4. Bootstrap heading

h5. Bootstrap heading

h6. Bootstrap heading

Fancy display heading
With faded secondary text

Display 1

Display 2

Display 3

Display 4

You can use the mark tag to highlight text.

~~This line of text is meant to be treated as deleted text.~~

~~This line of text is meant to be treated as no longer accurate.~~

This line of text is meant to be treated as an addition to the document.

This line of text will render as underlined

This line of text is meant to be treated as fine print.

This line rendered as bold text.

This line rendered as italicized text.

attr

HTML

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer posuere erat a ante.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer posuere erat a ante.

Someone famous in Source Title

Lorem ipsum dolor sit amet
Consectetur adipiscing elit
Integer molestie lorem at massa
Facilisis in pretium nisl aliquet
Nulla volutpat aliquam velit
- Phasellus iaculis neque
- Purus sodales ultricies
- Vestibulum laoreet porttitor sem
- Ac tristique libero volutpat at
Faucibus porta lacus fringilla vel
Aenean sit amet erat nunc
Eget porttitor lorem

Lorem ipsum
Phasellus iaculis
Nulla volutpat

Description lists

A description list is perfect for defining terms.

Euismod

Vestibulum id ligula porta felis euismod semper eget lacinia odio sem nec elit.

Donec id elit non mi porta gravida at eget metus.

Malesuada porta

Etiam porta sem malesuada magna mollis euismod.

Truncated term is truncated

Fusce dapibus, tellus ac cursus commodo, tortor mauris condimentum nibh, ut fermentum massa justo sit amet risus.

Nesting

Nested definition list: Aenean posuere, tortor sed cursus feugiat, nunc augue blandit nunc.

Quantifying inherent risk for third parties is one of the most important aspects of a best practice Vendor Risk Management program. Inherent risk – the amount of risk that exists before controls are put in place – is a calculation that can be used throughout the vendor risk lifecycle. Examples include:

Risk-Tiering Your Vendors – Use inherent risk as a metric to group your vendor populations by how critical they are to your business operations or by how much risk they pose to your organization.

Scoping Vendor Due Diligence – Riskier vendors require deeper due diligence before contracts are signed and vendors can be onboarded. A vendor’s inherent risk score can help determine the proper set of questions to include in the initial vendor assessment questionnaire.

Determining Post-Contract Due Diligence Frequency – When combined with previous assessment review ratings, inherent risk can be used to calculate a residual risk score. The residual risk score can determine how often your third-party risk team needs to conduct follow-on due diligence – annually, bi-annually, etc.

When implementing an inherent risk scoring system for your vendors, here are three tips to consider:

1. Make Inherent Risk a Key Part of the Vendor Request Process

Chances are that the person or department requesting a new supplier or service will have a good handle on how critical the vendor is to business operations. Leverage that knowledge and capture it as part of the vendor request process. Include gating or intake questions in your vendor request form, portal or process – questions whose answers paint a clear picture of a potential vendor’s riskiness to your firm. By involving “the business” in the vendor inherent risk calculation, you build a risk-aware culture while also getting a clearer picture of the risks that need to be mitigated.

2. Use Risk Domains to Define the Right Vendor Inherent Risk Questions

It’s important to include the right questions in your internal inherent risk questionnaire. Every organization has different risks to contend with. Be sure to consider these nine risk areas when determining which questions to include in vendor service requests:

Identity – Is the vendor a real organization? Are they who they say they are?
Information Security – Will the vendor have access to sensitive information? How much?
Geographic – Is the vendor’s location a risk? Will the service be performed internationally? Is that an issue?
Financial – Is the vendor financially secure? How large is the proposed contract?
Business Continuity – How hard is it to replace this vendor should something happen?
Fourth Parties – Does the vendor outsource portions of the service to other companies?
Reputation – Was/is the vendor involved in any activity that could reflect negatively on your organization?
Compliance – What laws or regulations are in play here? Can the vendor demonstrate compliance?
Conflict of Interest – Are there any conflicts that you should be aware of?

Learn More: Download our expert guide, How to Quantify and Manage Inherent Risk for Third Parties, for more details on risk domains and how to build an effective inherent risk questionnaire for your organization.

3. Create an Inherent Risk Scoring and Tiering System for Your Vendors

You have the right intake questions on the vendor request form, and you have business users helping you answer the questions. Now, take it one step further: Assign point values to your questions and build a scoring system that determines which risk tier each of your vendors belongs to. Organizations must determine a point system that makes sense for their business – each response must be aligned to a specific variable, score or value (point, letter, etc.) and weighed accordingly.

This step requires some work; but if done correctly, you’ll have a world-class classification system that you can use throughout the third-party risk lifecycle – initial vendor due diligence, onboarding, ongoing monitoring and more.

Here’s an example of an inherent risk questionnaire completed as part of a request to onboard a records shredder company:

Based on the answers to the intake questions (and the resulting scores), this vendor sits in the high-risk tier for this organization.

Inherent risk scoring and risk-tiering your vendors will also help prioritize where to focus your time and energy when resources are tight. Obviously, the most critical vendors should get your utmost attention. Vendor risk classification can also be used to make a business case to get additional resources – in the forms of software tools, consulting help or outsourced assessment work – when you fall behind.

Quantifying Inherent Risk for Your Vendors Requires Rigor

It’s impossible to avoid risk altogether. Inherent risk is just that — inherent. However, with an effective methodology for quantifying inherent risk, you can mitigate risk as much as possible and protect your enterprise. Objectively judging the risk any given vendor poses is key to protecting the information for which your company is responsible.

Take the next step: Our experts put together a detailed guide for organizations looking to improve their inherent risk calculations. Download How to Quantify and Manage Inherent Risk for Third Parties for real-world advice on developing a quantification methodology that will guide your company to a better and more effective third-party risk management program.

Cookie	Type	Duration	Description
__cfduid	1	1 month	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address d apply security settings on a per-client basis. It doesnot correspond to any user ID in the web application and does not store any personally identifiable information.
__stripe_mid		1 year	Stripe sets this cookie cookie to process payments.
__stripe_sid		30 minutes	Stripe sets this cookie cookie to process payments.
cli_user_preference	0	1 year	This cookie stores consolidated information of consent of all categories in the GDPR Cookie Consent plugin. This cookie is used to ensure the smooth functioning of the plugin with certain cache plugins.
connect.sid		2 hours	This cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checkbox-advertisement	0	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Advertisement'.
cookielawinfo-checkbox-analytics	0	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-functional	0	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Functional".
cookielawinfo-checkbox-marketing	0	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Marketing".
cookielawinfo-checkbox-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
cookielawinfo-checkbox-preferences	0	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Preferences'.
cookiesession1		1 year	This cookie is set by the Fortinet firewall. This cookie is used for protecting the website from abuse.
PHPSESSID	0		This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	0	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
__cf_bm		30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__sharethis_cookie_test__		session	ShareThis sets this cookie to track which pages are being shared and by whom.
bcookie	0	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
bscookie	1	2 years	This cookie is a browser ID cookie set by LinkedIn share Buttons and ad tags.
cf_ob_info	0	1 minute	The CloudFlare service is mostly used for content distribution network (CDN) services.
cf_use_ob	0	1 minute	The CloudFlare service is mostly used for content distribution network (CDN) services.
cookielawinfo-checkbox-uncategorized	0	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for cookies in the category "Uncategorized".
CookieLawInfoConsent	0	1 year	Records the default button state of the corresponding category along with the status of CCPA.
lang	0		This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	0	1 day	This cookie is set by LinkedIn and used for routing.
lissc	0	1 year	Cookie used for Sign-in with Linkedin and/or for LinkedIn follow feature.
ppwp_wp_session	session	30 minutes	ppwp_wp_session is a cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing the user's session on the website. The cookie is a session cookie and is deleted when all browser windows are closed.

Cookie	Type	Duration	Description
__stid	0	1 year	The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.
__stidv	0	1 year	The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.
_ce.s		1 year	This Crazy Egg cookie records visitor session unique ID, tracking host and start time.
_CEFT		1 year	Crazy Egg cookie that stores page variants assigned to visitors for A/B performance testing.
_ga	0	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_ga_63P4X1D7BY		2 years	This cookie is installed by Google Analytics.
_gcl_au	0	2 months	This cookie is used by Google Analytics to understand user interaction with the website. All information this cookie collects is aggregated and therefore anonymous.
_gid	0	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
6suuid	0	2 years	6sense is a B2B predictive intelligence engine for marketing and sales.
BIGipServerab07web-nginx-app_https	1		This is a cookie used by the Marketo marketing platform for user tracking purposes.
cebs		session	This Crazy Egg cookie is used to track the current user session internally.
site_identity	1	2 years	An analytics cookie that is used to better understand your use of our website.
sliguid	0	5 years	Salesloft cookie for use in live website tracking to help identify and qualify leads.
slireg	0	1 week	Salesloft cookie for use in live website tracking to help identify and qualify leads.
slirequested	0	5 years	Salesloft cookie for use in live website tracking to help identify and qualify leads.
undefined		never	Wistia sets this cookie to collect data on visitor interaction with the website's video-content, to make the website's video-content more relevant for the visitor.

Cookie	Type	Duration	Description
_ce.cch		session	Used to check if cookies can be added.
_ce.gtld		session	Used to identity the top level domain.
AnalyticsSyncHistory		1 month	This LinkedIn cookie is used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries.
li_gc		2 years	This is a cookie from LinkedIn and is used for storing visitors' consent regarding the use of cookies for non-essential purposes.
loglevel	persistent	never	Maintains settings and outputs when using the Developer Tools Console on current session.
route-gcrowd-fe-prod		session	This allows the website to embed quotes from Gartner Peer Insights reviews.
test_cookie	0	11 months	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the users' browser supports cookies.

Cookie	Type	Duration	Description
IDE	1	2 years	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
li_sugr	0	2 months	This cookie is a browser ID cookie set by LinkedIn when an IP address is not in a Designated Country.
u	0	2 months	LinkedIn Insight Tag, when IP address is not in a Designated Country
UserMatchHistory	0	4 weeks	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

test

h1. Bootstrap heading

h2. Bootstrap heading

h3. Bootstrap heading

h4. Bootstrap heading

h5. Bootstrap heading

h6. Bootstrap heading

Fancy display heading With faded secondary text

Display 1

Display 2

Display 3

Display 4

1. Make Inherent Risk a Key Part of the Vendor Request Process

2. Use Risk Domains to Define the Right Vendor Inherent Risk Questions

3. Create an Inherent Risk Scoring and Tiering System for Your Vendors

Fancy display heading
With faded secondary text