Third-Party Risk 5-Min Demo
OneTrust Vendor Risk Management is purpose-built to automate the third-party risk lifecycle
Many organizations follow a common workflow to:
- Onboard & Prioritize Vendors
- Assess Those Third Parties
- Review & Mitigate Risks
- Monitor & Offboard Vendors
- And visualize & report across the vendor lifecycle
Building Your Third-Party Inventory
First, organizations can easily build a vendor inventory through a number of methods. For instance, organizations can leverage Self-Service Portals to enable business users to add vendors themselves. In addition, users can activate or connect system integrations to connect with procurement, contracting, and other tools. Or utilize traditional and efficient methods such as bulk imports to easily upload existing information into a centralized vendor inventory.
During our third-party risk management demo video, you’ll see how within the central vendor inventory. Because each third party has an individual profile where you can store the information most relevant to your organization. For instance, unique vendor attributes that you can select from, create new, or configure for your system use. In addition, track in-process or previously conducted risk assessments that have been sent out to a third-party partner.
Here, users can identify all engagements with the vendor throughout the vendor lifecycle. Then, you can map all associated risks, as well as calculate the aggregate risk score per vendor or third party. Similarly, attach or scan relevant documents such as contracts or SLAs, seamlessly transfer the data into a searchable meta-data or field level structure to query at a later time. Realize the concentration of risk as a result of tracking related vendors or processing activities. Monitor all controls the vendor has implemented. Furthermore, review any relevant certifications, and track all activity with a detailed audit trail.
Dynamically Assess Third-Party Partners and Vendors
Within this third-party risk management demo video, we’ll review how to conduct assessments. Users can perform the assessment process themselves, or alternatively, order pre-completed assessments from our Vendorpedia Third-Party Risk Exchange.
The Vendorpedia Exchange is a community of shared – and pre-completed – vendor risk assessments. As a result, ordering a pre-completed assessment from the exchange is easy. First, simply browse the exchange for your vendor and request access to an assessment. Then, this sends a notification to the vendor to approve the request. However, if the vendor hasn’t already added an assessment to the exchange, the OneTrust team will work with the vendor to get it added.
Alternatively, to perform the assessment process yourself, you can:
- Choose a questionnaire from dozens of our industry-standard templates or upload your own
- Customize the assessment to meet your use case
- Add in automation rules to trigger actions, such as risk flagging, to reduce manual work
Select the vendor or vendors you’d like to assess to send the questionnaire. Watch this OneTrust GRC Third-Party Risk Management demo video to learn more about solutions your organizations could benefit from today!