Blog

Charting Your Course Through the TPRM Forest

If your journey to third party risk management (TPRM) maturity includes an RFP in the coming months, you might be feeling a little unsure about the right direction to move forward in the vendor selection process. That’s why Aravo asked Michael Rasmussen of GRC 20/20 to provide Best Practices for Third Party Management RFPs in a recent webinar.  

During the presentation, Michael outlined the key capabilities you need to look for if you’re planning a technology purchase to help you to achieve your organization’s third party management objectives, address the uncertainty that comes with risk, and act with integrity. To bring this to life he used the analogy of the forest.  If you compare your individual third parties to trees, he said, the forest is the interconnectedness of relationships on the organization. To achieve the highest level of TPRM maturity (as illustrated in the chart below), you need to make sure your RFP is designed to identify tools that deliver a deep understanding of both the individual third parties (the relationship level), their engagements (the contract level), and the ecosystem they are a part of.

Read More

Topics: tprm, rfi, poc, rfp, request for proposal, request for information, best practices, proof of concept, third party risk management program, third party risk management maturity

Is Best Practice for RFPs not to Issue RFPs?

The RFP has long been accepted as an “objective” way to conduct vendor selection for purchases ranging from hard goods to complex services. Its often lengthy list of feature/function-oriented questions is considered a means to level the playing field between vendors while demonstrating adequate due diligence. But is it necessarily the best way to buy third party risk management (TPRM) technology?

Read More

Topics: Third Party Management, rfi, poc, rfp, request for proposal, request for information, best practices, proof of concept