What it is (plain English)
Assessing and monitoring the risk your vendors and partners introduce: sending due-diligence questionnaires, scoring responses, tracking issues to remediation, and re-assessing periodically — so third-party risk is managed continuously rather than at onboarding only.
Problems it solves
- Vendors onboarded with little or inconsistent risk due diligence.
- Assessment questionnaires managed over email and spreadsheets.
- No ongoing monitoring after the initial vendor review.
- No consolidated view of concentration and exposure across vendors.
What must exist first
Platform Core Setup. Complements Risk Management (vendor risks roll into enterprise risk) and often connects to procurement/supplier data.
What the customer needs to provide
- Your vendor inventory and how vendors are tiered by criticality.
- Your assessment questionnaires and scoring approach.
- The onboarding and re-assessment cadence you want.
- Issue remediation and escalation expectations.
Where it can go next
Vendor risks feed Risk Management; integrates with procurement/Source-to-Pay Operations and supplier lifecycle; external risk-intelligence feeds can automate monitoring.