If your journey to third party risk management (TPRM) maturity includes an RFP in the coming months, you might be feeling a little unsure about the right direction to move forward in the vendor selection process. That’s why Aravo asked Michael Rasmussen of GRC 20/20 to provide Best Practices for Third Party Management RFPs in a recent webinar.
During the presentation, Michael outlined the key capabilities you need to look for if you’re planning a technology purchase to help you to achieve your organization’s third party management objectives, address the uncertainty that comes with risk, and act with integrity. To bring this to life he used the analogy of the forest. If you compare your individual third parties to trees, he said, the forest is the interconnectedness of relationships on the organization. To achieve the highest level of TPRM maturity (as illustrated in the chart below), you need to make sure your RFP is designed to identify tools that deliver a deep understanding of both the individual third parties (the relationship level), their engagements (the contract level), and the ecosystem they are a part of.