
Take a proactive step to assess risk, establish a target end-state, and improve long-term cyber posture.

Detailed third-party risk assessments, planning and execution leveraging respected frameworks and experienced practitioners.

Level Up with the Most Respected TPRM Maturity Model

Third party risk presents major threats that can severely disrupt an organization, ultimately affecting your clients, customers, and employees.

That threat is constantly evolving, so our comprehensive assessment is designed to take stock of your existing TPRM program maturity across several foundational areas.

As a member of the Shared Assessments program, we use their Vendor Risk Management Maturity Model (VRMMM) tool to provide a holistic view of your program, identify strengths and gaps, jointly establish a target end-state, and provide actionable recommendations to continuously improve your unique environment.

TPRM Maturity Assessments – The Executive Report

Our Executive Report takes stock of your current TPRM program maturity, establishes a target state, and offers a plan for continuous improvement in your unique environment. While these reports are unique for each of our clients, here are some typical views you can expect.

TPRM Maturity Assessment Results - Summary View
TPRM Maturity Assessment Results - Average Maturity Rating

Download an example of our TPRM Assessment Executive Report

Hands-On TPRM Help Beyond the Assessment

Our TPRM assessments are just the beginning. We offer a full suite of follow-on services that are right-sized for you and your needs. After completing your TPRM maturity assessment, we offer additional services to support your journey to level up, including:

Assessment Scoping: Decrease mistakes while scoping your vendor assessments to prevent delays that can strain the outsourcer/vendor relationship. This helps you to move quickly while asking the right questions to ensure proper due diligence.

Remediation and Support: After completing a TPRM vendor assessment, we focus on remediation activities for your organization’s unique third-party environment to help you achieve a higher state of TPRM maturity.

TPRM as a Service: We understand the time and investment required to manage a TPRM program. Let us perform the heavy lifting as we arm you with the data to make the best risk-based decisions for your organization.

Vendor Intelligence Centers: As your TPRM partner, we will operate a vendor intelligence center that gathers and interprets vendor-related data from your existing monitoring tools or from our trusted sources. We report these to you at the cadence right for you.

Learn More: TPRM Areas Assessed, Maturity Levels

We establish a maturity benchmark across the eight domains covered within the following Shared Assessments VRMMM program components:

TPRM Assessment Foundational Areas

  • 1.0 Program Governance
  • 2.0 Policies, Standards, and Procedures
  • 3.0 Contract Development, Adherence, & Mgmt
  • 4.0 Vendor Risk Assessment Process
  • 5.0 Skills & Expertise
  • 6.0 Information Sharing
  • 7.0 Tools, Measurements and Analysis
  • 8.0 Monitoring and Review

The VRMMM presents maturity levels ranging from 0 (meaning it’s non-existent) up to a maturity rating of 5 (meaning it’s in a state of continuous improvement). While you may not need or desire to be in the most mature state in all the foundational areas, the TPRM Assessment exercise allows for important, thought-provoking discussion around your unique risks, and what is required to reach the desired state.

Maturity Level


  • 0 – Start-up or no Third Party Risk Management (TPRM) activity: No formalized Program
  • 1 – Initial visioning and ad hoc activity: The need has been established; but it is not yet fully defined
  • 2 – Approved road map and ad hoc activity: It is defined and approved, but it is not fully in place
  • 3 – Defined and Established: Approved and established, but it is not fully operational
  • 4 – Fully Implemented and operational: It is completely established and operational across the organization
  • 5 – Continuous improvement: It represents best practice, and is regularly tested, measured and enhanced as needed

TPRM Pros – from Assessment to Execution

Our TPRM team is well known and respected as “doers” in this space with unmatched experience designing, building, and maturing TPRM programs regardless of size and complexity.

Our expert TPRM team includes:

Tom is an internationally recognized subject matter expert, author, consultant, lecturer, and instructor for the Certified Third-Party Risk Professional and Assessor (CTPRP, CTPRA) programs. He’s an experienced professional with over 20 years of experience in performing and consulting on IT and operational risk, security, privacy, audit, resilience, and compliance in various industries.


  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Privacy Technologist (CIPT)
  • Certified Third-Party Risk Professional (CTPRP)
  • Certified Third-Party Risk Assessor (CTPRA)

Dan is CEO & Managing Partner at Echelon. With nearly 20 years of experience in IT, audit, risk and cybersecurity, he has led and built highly focused cybersecurity teams at top professional service firms before joining Echelon. Dan’s experience establishing and offering new and innovative lines of cybersecurity services not only provides leadership across the industry and organization, it’s the reason Echelon was built and serves as its vision for growth.


  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Cybersecurity Maturity Model Certification-Registered Practitioner (CMMC-RP)
  • Certified Third-Party Risk Assessor (CTPRA)
  • Certified Third-Party Risk Professional (CTPRP)

We offer a large pool of qualified third-party assessors:

Zachary Wash
Let's Talk! See an Executive Report and Get More Info!