Detailed third-party risk assessments, planning and execution leveraging respected frameworks and experienced practitioners.
Third-party risk presents major threats that can severely disrupt an organization, ultimately affecting your clients, customers, and employees.
That threat is constantly evolving, so our comprehensive assessment is designed to take stock of your existing TPRM program maturity across several foundational areas.
As a member of the Shared Assessments program, we use their Vendor Risk Management Maturity Model (VRMMM) tool to provide a holistic view of your program, identify strengths and gaps, jointly establish a target end-state, and provide actionable recommendations to continuously improve your unique environment.
Our Executive Report takes stock of your current TPRM program maturity, establishes a target state, and offers a plan for continuous improvement in your unique environment. While these reports are unique for each of our clients, here are some typical views you can expect.
Our TPRM assessments are just the beginning. We offer a full suite of follow-on services that are right-sized for you and your needs. After completing your TPRM maturity assessment, we offer additional services to support your journey to level up, including:
Assessment Scoping: Decrease mistakes while scoping your vendor assessments to prevent delays that can strain the outsourcer/vendor relationship. This helps you to move quickly while asking the right questions to ensure proper due diligence.
Remediation and Support: After completing a TPRM vendor assessment, we focus on remediation activities for your organization’s unique third-party environment to help you achieve a higher state of TPRM maturity.
TPRM as a Service: We understand the time and investment required to manage a TPRM program. Let us perform the heavy lifting as we arm you with the data to make the best risk-based decisions for your organization.
Vendor Intelligence Centers: As your TPRM partner, we will operate a vendor intelligence center that gathers and interprets vendor-related data from your existing monitoring tools or from our trusted sources. We report these to you at the cadence right for you.
We establish a maturity benchmark across the eight domains covered within the following Shared Assessments VRMMM program components:
TPRM Assessment Foundational Areas
The VRMMM presents maturity levels ranging from 0 (meaning it’s non-existent) up to a maturity rating of 5 (meaning it’s in a state of continuous improvement). While you may not need or desire to be in the most mature state in all the foundational areas, the TPRM Assessment exercise allows for important, thought-provoking discussion around your unique risks and what is required to reach the desired state.
|Maturity level|Description|
|---|---|
|0 – Start-up or no Third Party Risk Management (TPRM) activity|No formalized Program|
|1 – Initial visioning and ad hoc activity|The need has been established; but it is not yet fully defined|
|2 – Approved road map and ad hoc activity|It is defined and approved, but it is not fully in place|
|3 – Defined and Established|Approved and established, but it is not fully operational|
|4 – Fully Implemented and operational|It is completely established and operational across the organization|
|5 – Continuous improvement|It represents best practice, and is regularly tested, measured and enhanced as needed|
Our TPRM team is well known and respected as “doers” in this space with unmatched experience designing, building, and maturing TPRM programs regardless of size and complexity.
Our expert TPRM team includes:
is an internationally recognized subject matter expert, author,
consultant, lecturer, and instructor for the Certified Third-Party Risk
Professional and Assessor (CTPRP, CTPRA) programs. He’s an experienced
professional with over 20 years of experience in performing and
consulting on IT and operational risk, security, privacy, audit,
resilience, and compliance in various industries.
is CEO & Managing Partner at Echelon. With nearly 20 years of
experience in IT, audit, risk and cybersecurity, he has led and built
highly focused cybersecurity teams at top professional service firms
before joining Echelon. Dan’s experience establishing and offering new
and innovative lines of cybersecurity services not only provides
leadership across the industry and organization, it’s the reason Echelon
was built and serves as its vision for growth.
has 30+ years of experience in IT and Information Security. Most
recently he led third-party risk assessment programs at PepsiCo,
evaluating the security controls for all third-party service
organizations who accessed, processed, or stored company data in
on-premises and cloud environments. He also initiated and led the
completion of a self-assessment questionnaire to assess and drive
maturity of the overall TPRM program. Matt enjoys leading certification
study groups and learning how others implement principles in the real
We offer a large