Third Party Risk Management

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
1. Third Party Risk Management focuses on identifying and reducing risks relating to the use of third parties.


Third Party Risk Management (TPRM):

Notes (1): enables organisations to monitor and assess the risk posed by third parties.

Notes (2): identifies where the risk exceeds the TPRM threshold set by the business.

Notes (3): requires the organisation to build a business engagement model with supporting analytical processes to ensure it has visibility of all Third Parties supporting the organisation.

Notes (4): ensures an effective governance model is in place to provide oversight of performance and risk across the entire supply chain.

Notes (5): should implement risk assessments that include sub-contractor risks.

Notes (6): Third party refers to vendors, suppliers, partners, contractors, sub-contractors, or service providers.


Related Terms: Operational Resilience, Business Impact Analysis, Inter-dependencies


BCMBoK Competency Level
BCMBoK 0: BCM Fundamentals CL 1B: Foundation (BC)


BCMBoK Competency Level
BCMBoK 0: BCM Fundamentals CL 1C: Foundation (CM)


BCMBoK Competency Level
BCMBoK 0: BCM Fundamentals CL 1CC: Foundation (CC)


BCMBoK Competency Level
BCMBoK 0: BCM Fundamentals CL 1D: Foundation (DR)


BoK Competency Level
BCMBoK 0: OR Fundamentals CL 1OR: Foundation (OR)

(Source: Business Continuity Management Institute - BCM Institute)