- Vendor
  An external third-party organization or individual that provides products, services, or solutions to your organization and is subject to evaluation and monitoring for potential risks.
- Confirmation Cycles
  In TPRM, confirmation cycles are regular intervals at which organizations re-validate or update the information they have about a third-party vendor.
- Vendor Tier Frameworks
  A vendor tier framework is a way to categorize third-party vendors based on the level of risk they pose or the criticality of their services.
- Question
  A single inquiry used to gather specific information from a vendor, typically about their processes, controls, or compliance posture.
- Question Library
  A centralized collection of pre-approved questions that can be reused to build questionnaires and assessments, ensuring consistency and efficiency in vendor evaluations.
- Questionnaire
  A structured set of questions designed to collect detailed information from a vendor on specific topics such as security, compliance, or operational practices.
- Questionnaire Library
  A repository of pre-built questionnaires that can be assigned to vendors for standardized assessments, saving time and maintaining assessment quality.
- Assessment
  The process or outcome of evaluating a vendor’s responses and related evidence to determine their level of compliance, risk exposure, or adherence to requirements.
- Reports
  Generated summaries and analyses of assessment data, vendor performance, and risk metrics, used for tracking, decision-making, and demonstrating compliance.