Article Content

Third-Party Risk Assessment

• Determine the criticality of a third-party to the organization
• Risk rate third-party engagements based on its responses to questionnaires 
• Log and track remediation 
• Tie critical third-party engagements to information assets and their related risks, sourcing from our IT Risk Application
• Receive automated notifications when Third-Party Contracts expire

External Third-Party Portal

• External third parties can: 
  • Receive alerts and information requests
  • Send responses to questionnaires and attach any supporting documentation 
  • Communicate with the requestor
  • Provide updates on remediation items

Third-Party Reporting

• Out-of-the-box reports including:
  • Third-party Profile Reports 
  • Third-party Criticality Reports 
  • Geographic Overview of third parties
  • Gaps and Remediation Activities
  • Third-party Engagement Status Reports

Third-Party Repository

• Access and build a repository of third-party providers across the organization 
• Categorize third parties, including contact details, type, certifications, and associated third-party engagements
• Push updated questionnaire information to all assessments

Third-Party Questionnaires

• Supports third-party engagement assessment for third parties that provide multiple services
• Send pre-populated standard SIG/SIG Lite* questions covering security, access, privacy, resiliency, and other risks to the third-party for response
• Maintain and leverage multiple questionnaire frameworks depending on third-party engagement type or criticality
• Custom questionnaire support

Employee Request Portal

• Any internal employee can:
  • Request approval to outsource a particular function of the business to a third-party  
  • Obtain status updates and approval for a third-party request