Third Party Risk Management Maturity Assessments image

Take a proactive step to assess risk, establish a target end-state, and improve long-term cyber posture.

Detailed third-party risk assessments, planning and execution leveraging respected frameworks and experienced practitioners.

Level Up with the Most Respected TPRM Maturity Model

Third party risk presents major threats that can severely disrupt an organization, ultimately affecting your clients, customers, and employees.

That threat is constantly evolving, so our comprehensive assessment is designed to take stock of your existing TPRM program maturity across several foundational areas.

As a member of the Shared Assessments program, we use their Vendor Risk Management Maturity Model (VRMMM) tool to provide a holistic view of your program, identify strengths and gaps, jointly establish a target end-state, and provide actionable recommendations to continuously improve your unique environment.

Third-Party Risk Management insights from our team:
It’s Time for Healthcare to Focus on Vendor Risk Maturity
Cybersecurity breaches are on the rise for healthcare, with many coming through the supply chain. Here's practical advice on how to assess the maturity of a third-party risk management program and reduce the risk associated with vendors and business partners.
Are Your Vendors “Tall enough to Ride the Ride”?
We can think about an amusement park’s rider height and restriction requirements as a useful way to describe risk tolerances when onboarding new vendors or increasing scopes of work to existing ones.
Looking Inward, Charting a New Course for Effective TPRM
Most current third-party risk management (TPRM) programs are external-facing. But what if the greatest threat to your organization wasn’t external?

TPRM Maturity Assessments – The Executive Report

Our Executive Report takes stock of your current TPRM program maturity, establishes a target state, and offers a plan for continuous improvement in your unique environment. While these reports are unique for each of our clients, here are some typical views you can expect.

TPRM Maturity Assessment Results - Summary View
TPRM Maturity Assessment Results - Summary View
TPRM Maturity Assessment Results - Average Maturity Rating
TPRM Maturity Assessment Results - Average Maturity Rating

Download an example of our TPRM Assessment Executive Report

Hands-On TPRM Help Beyond the Assessment

Our TPRM assessments are just the beginning. We offer a full suite of follow-on services that are right-sized for you and your needs. After completing your TPRM maturity assessment, we offer additional services to support your journey to level up, including:

Assessment Scoping: Decrease mistakes while scoping your vendor assessments to prevent delays that can strain the outsourcer/vendor relationship. This helps you to move quickly while asking the right questions to ensure proper due diligence.

Remediation and Support: After completing a TPRM vendor assessment, we focus on remediation activities for your organization’s unique third-party environment to help you achieve a higher state of TPRM maturity.

TPRM as a Service: We understand the time and investment required to manage a TPRM program. Let us to perform the heavy lifting as we arm you with the data to make the best risk-based decisions for your organization.

Vendor Intelligence Centers: As your TPRM partner, we will operate a vendor intelligence center that gathers and interprets vendor-related data from your existing monitoring tools or from our trusted sources. We report these to you at the cadence right for you.

Let's Talk! See an Executive Report and Get More Info!

Learn More: TPRM Areas Assessed, Maturity Levels

We establish a maturity benchmark across the eight domains covered within the following Shared Assessments VRMMM program components:

TPRM Assessment Foundational Areas

  • 1.0 Program Governance
  • 2.0 Policies, Standards, and Procedures
  • 3.0 Contract Development, Adherence, & Mgmt
  • 4.0 Vendor Risk Assessment Process
  • 5.0 Skills & Expertise
  • 6.0 Information Sharing
  • 7.0 Tools, Measurements and Analysis
  • 8.0 Monitoring and Review

The VRMMM presents maturity levels based from 0 (meaning it’s non-existent), up to a maturity rating of 5 (meaning it’s in a state of continuous improvement). While you may not need or desire to be in the most mature state in all the foundational areas, the TPRM Assessment exercise allows for important, thought-provoking discussion around your unique risks, and what is required to reach the desired state.

Maturity Level

Definition

0 – Start-up or no Third Party Risk Management (TPRM) activityNo formalized Program
1 – Initial visioning and ad hoc activityThe need has been established; but it is not yet fully defined
2 – Approved road map and ad hoc activityIt is defined and approved, but it is not fully in place
3 – Defined and EstablishedApproved and established, but it is not fully operational
4 – Fully Implemented and operational
It is completely established and operational across the organization
5 – Continuous improvement
It represents best practice, and is regularly tested, measured and enhanced as needed

TPRM Pros – from Assessment to Execution

Our TPRM team is well known and respected as “doers” in this space with unmatched experience designing, building, and maturing TPRM programs regardless of size and complexity.

Our expert TPRM team includes:

Tom is an internationally recognized subject matter expert, author, consultant, lecturer, and instructor for the Certified Third-Party Risk Professional and Assessor (CTPRP, CTPRA) programs. He’s and experienced professional with over 20 years of experience in performing and consulting on IT and operational risk, security, privacy, audit, resilience, and compliance in various industries.

Certifications

  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Privacy Technologist (CIPT)
  • Certified Third-Party Risk Professional (CTPRP)
  • Certified Third-Party Risk Assessor (CTPRA)

Dan is CEO & Managing Partner at Echelon. With nearly 20 years of experience in IT, audit, risk and cybersecurity, he has led and built highly focused cybersecurity teams at top professional service firms before joining Echelon. Dan’s experience establishing and offering new and innovative lines of cybersecurity services not only provides leadership across the industry and organization, it’s the reason Echelon was built and serves as its vision for growth.

Certifications

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Cybersecurity Maturity Model Certification-Registered Practitioner (CMMC-RP)
  • Certified Third-Party Risk Assessor (CTPRA)
  • Certified Third-Party Risk Professional (CTPRP)



We offer a large
pool of qualified
third-party assessors:

Zachary Wash
Let's Talk! See an Executive Report and Get More Info!