Third-Party Risk Management

Third-Party Risk Management Best Practices Program

ProcessUnity's Complete, Comprehensive & Proven Program to Reduce Third-Party Risk

ProcessUnity Third-Party Risk Management

ProcessUnity Vendor Risk Management (VRM) protects companies and their brands by reducing risks from third-party vendors and suppliers. Combining a powerful vendor services catalog with risk process automation and dynamic reporting, ProcessUnity VRM streamlines third-party risk activities while capturing key supporting documentation that ensures compliance and fulfills regulatory requirements. ProcessUnity VRM provides powerful capabilities that automate tedious tasks and free risk managers to focus on higher-value mitigation strategies.

Third-Party Risk Management Best Practices

Best Practice Program for ProcessUnity Vendor Risk Management is a pre-configured third-party risk program with turn-key workflow, assessments, calculations, risk analysis and reporting. Developed by Third-Party Risk Management subject matter experts and perfected via hundreds of successful customer implementations, Best Practice Program delivers a complete, “out-of-the-box” program with a high-quality, systematic and repeatable assessment process that improves communication between lines of business, third-party risk analysts and third-parties to ultimately drive risk out of an organization. The low-touch, low-cost implementation gets customer programs up and running in no time. As a program changes and matures, customers can modify the pre-defined processes, calculations, roles and workflows via ProcessUnity’s unparalleled platform configuration capabilities.

Third-Party Risk Best Practices

Personal Dashboard

Monitor and track your program status with a configurable dashboard and real-time updates.

Third-Party Risk Management Best Practices Dashboard

Third-Party Risk Best Practices

Third-Party Request

Document key vendor data to expedite third-party requests, track status through closure and standardize onboarding processes.

Third-Party Risk Management Vendor Request

Third-Party Risk Best Practices

Service Review Scheduler

Schedule automatic service reviews and performance evaluations based on inherent risk scores.

Third-Party Risk Management Assessment Schedule

Third-Party Risk Best Practices

Assessment Review Report

Review vendor responses by priority level via automated preferred responses and yearly aggregate response comparison; create and track issues directly within the report.

Workflows & Assessments

Pre-configured workflows establish the repeatable processes necessary for effectively managing third-party risk – from initial service identification and onboarding through contracts, ongoing vendor monitoring and offboarding.

Included workflows:

Onboarding Request Workflows – Capture a new service request, automatically determine inherent risk, perform due diligence, manage issues and track contract data.

Ongoing Monitoring Workflows – Conduct periodic service reviews to monitor inherent risk changes, remediate issues, monitor vendor performance against KPIs and maintain a schedule for ongoing due diligence.

Offboarding Workflows – Securely offboard third parties and ensure sensitive data is safely transitioned in a compliant manner.

Automated questionnaires end inefficient paper surveys and spreadsheets and simplify the assessment process for both organizations and their partners. Employing industry-standard questionnaires from Shared Assessments (SIG Core and SIG Lite) further streamlines the vendor assessment process.

Easy to read reports of assessment results, third-party summary reports and program-level reporting help demonstrate program status to key stakeholders.

Calculations & Scoring

ProcessUnity’s Best Practice Program provides built-in calculations, rating tiers, scoring and other logic critical to an automated third-party risk program, including:

Inherent Risk – Determine inherent risk based on responses to a pre-determined set of questions sourced from recommendations by the Office of the Comptroller of the Currency (OCC) and other governing bodies.
Automated Scoping – Based on the inherent risk score, ProcessUnity calculates the breadth and depth of the questions required for the third-party assessment.
Assessment Review Rating – Every external assessment receives a score calculated based on the number of high and medium severity issues identified.
Residual Risk – Determine control effectiveness based on a third party’s inherent risk rating and most recent assessment review rating.
Ongoing Monitoring Schedules – The risk methodology automatically determines ongoing due diligence frequency – annually, biennially or triennially.

Issue Remediation – Issues identified during assessment analysis are assigned a severity rating. Based on the severity, the issues are assigned a remediation schedule.
Preferred Responses – Preferred/non-preferred response calculations allow analysts to quickly make business decisions during due diligence reviews.
Performance Management – Centralize and track year-over-year trend analysis of vendor performance evaluations to better manage vendor relationships.
Geographic Risk – Automatically flag pre-determined domestic, foreign or sanctioned third-party services based on the organization’s unique criteria or published lists such as OFAC.
Key Performance Indicators (KPIs) – Benchmark and track key performance indicators throughout onboarding third-party services, assessment completion and issue management.

Vendor Portal

ProcessUnity’s Vendor Portal provides third parties with a secure, online environment to complete questionnaires, provide responses and comments, and attach supporting documentation. An easy-to-use interface, combined with instructions and guidance, improves vendor response time and response quality.

Interactive Dashboards & Reports

Built-in reports provide real-time visibility into the state of third-party risk and demonstrate to key stakeholders the existence of a consistent, reliable and repeatable program. Trend analysis monitors and manages changes in vendor performance with a side-by-side comparison of historical vendor responses. Interactive dashboards give visibility into ongoing risk assessment progress, the status of remediation activity and vendor risk ratings. Drill-down capabilities allow risk managers to quickly find the details in areas of concern.

Best Practice Program contains a comprehensive library of pre-built reports to track critical vendor and service-risk information. Extensive custom reporting capabilities allow third-party managers to create management-level reports and individual dashboards through a simple-to-use interface. With ProcessUnity, organizations gain program-level reporting that manual methods simply cannot provide.

Request a Demo: ProcessUnity Vendor Risk Management

Hundreds of organizations worldwide rely on ProcessUnity to make Vendor Risk Risk Management more effective and efficient. Schedule your personalized demo of our award-winning software and start your journey to a more mature, automated vendor risk management program today!

Request a Demo: ProcessUnity Vendor Risk Management

Third-Party Risk Management Software Demonstration

Cookie	Duration	Description
__cfduid	1 month	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address d apply security settings on a per-client basis. It doesnot correspond to any user ID in the web application and does not store any personally identifiable information.
__stripe_mid	1 year	Stripe sets this cookie cookie to process payments.
__stripe_sid	30 minutes	Stripe sets this cookie cookie to process payments.
cli_user_preference	1 year	This cookie stores consolidated information of consent of all categories in the GDPR Cookie Consent plugin. This cookie is used to ensure the smooth functioning of the plugin with certain cache plugins.
connect.sid	2 hours	This cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checkbox-advertisement	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Advertisement'.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-functional	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Functional".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-marketing	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Marketing".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-preferences	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Preferences'.
cookiesession1	1 year	This cookie is set by the Fortinet firewall. This cookie is used for protecting the website from abuse.
PHPSESSID	1 year	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__sharethis_cookie_test__	session	ShareThis sets this cookie to track which pages are being shared and by whom.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
bscookie	2 years	This cookie is a browser ID cookie set by LinkedIn share Buttons and ad tags.
cf_ob_info	1 minute	The CloudFlare service is mostly used for content distribution network (CDN) services.
cf_use_ob	1 minute	The CloudFlare service is mostly used for content distribution network (CDN) services.
cookielawinfo-checkbox-uncategorized	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for cookies in the category "Uncategorized".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category along with the status of CCPA.
lang	1 year	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
lissc	1 year	Cookie used for Sign-in with Linkedin and/or for LinkedIn follow feature.
ppwp_wp_session	30 minutes	ppwp_wp_session is a cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing the user's session on the website. The cookie is a session cookie and is deleted when all browser windows are closed.

Cookie	Duration	Description
__stid	1 year	The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.
__stidv	1 year	The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc.
_ce.s	1 year	This Crazy Egg cookie records visitor session unique ID, tracking host and start time.
_CEFT	1 year	Crazy Egg cookie that stores page variants assigned to visitors for A/B performance testing.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_ga_63P4X1D7BY	2 years	This cookie is installed by Google Analytics.
_gcl_au	2 months	This cookie is used by Google Analytics to understand user interaction with the website. All information this cookie collects is aggregated and therefore anonymous.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
6suuid	2 years	6sense is a B2B predictive intelligence engine for marketing and sales.
BIGipServerab07web-nginx-app_https	1 year	This is a cookie used by the Marketo marketing platform for user tracking purposes.
cebs	session	This Crazy Egg cookie is used to track the current user session internally.
site_identity	2 years	An analytics cookie that is used to better understand your use of our website.
sliguid	5 years	Salesloft cookie for use in live website tracking to help identify and qualify leads.
slireg	1 week	Salesloft cookie for use in live website tracking to help identify and qualify leads.
slirequested	5 years	Salesloft cookie for use in live website tracking to help identify and qualify leads.
undefined	never	Wistia sets this cookie to collect data on visitor interaction with the website's video-content, to make the website's video-content more relevant for the visitor.

Cookie	Duration	Description
_mkto_trk	2 years	This cookie is associated with an email marketing service provided by Marketo. This tracking cookie allows the website to link visitor behavior to the recipient of an email marketing campaign, to measure campaign effectiveness.
_mkto_trk	2 years	This cookie is associated with an email marketing service provided by Marketo. This tracking cookie allows the website to link visitor behavior to the recipient of an email marketing campaign, to measure campaign effectiveness.
_mkto_trk	2 years	This cookie, provided by Marketo, has information (such as a unique user ID) that is used to track the user's site usage. The cookies set by Marketo are readable only by Marketo.

Cookie	Duration	Description
cebsp	session	No description
m	2 years	No description available.
pvc_visits[0]	past	This cookie is created by post-views-counter. This cookie is used to count the number of visits to a post. It also helps in preventing repeat views of a post by a visitor.