TPRM

Third-party risk management (TPRM) is essential for organizations to identify and mitigate risks associated with external parties in business operations. TPRM programs involve phases such as risk assessment, mitigation, and ongoing monitoring to ensure compliance and safeguard against vulnerabilities. Effective TPRM requires a structured approach, continuous evaluation of vendor performance, and adaptation to changing regulatory landscapes.

Uploaded by

Suchitra Das
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
15 views18 pages

TPRM

Third-party risk management (TPRM) is essential for organizations to identify and mitigate risks associated with external parties in business operations. TPRM programs involve phases such as risk assessment, mitigation, and ongoing monitoring to ensure compliance and safeguard against vulnerabilities. Effective TPRM requires a structured approach, continuous evaluation of vendor performance, and adaptation to changing regulatory landscapes.

Uploaded by

Suchitra Das
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

LMACS

Third-party risk management (TPRM) focuses on identifying and minimizing the risks linked to involving external parties in business operations.

TPRM helps organizations understand how they use third parties and what safeguards are in place. TPRM programs vary, but they share universal best practices.

TPRM, or Third-Party Risk Management, is a comprehensive discipline that addresses the management of risks associated with all categories of third-party entities. TPRM is sometimes used interchangeably with other terms such as VRM, vendor management, supplier risk management, or supply chain risk management.
Third-party risk is now a significant concern due to increased breaches and reliance on outsourcing. Third-party incidents can lead to internal and external outages, operational shifts, and supply chain vulnerabilities. Proper Third-Party Risk Management (TPRM) programs are crucial to mitigate these vulnerabilities and protect the business.

Data breaches and cyber security incidents are common, affecting businesses and their third parties. Organizations rely heavily on third parties, so when a third party fails, the impacts can be devastating and long-lasting.
Objectives of a TPRM program:

Prevent engagement in unethical practices.
Ensure third-party compliance with regulations.
Effectively handle disruptions.
Maintain a healthy and safe working environment.
Safeguard confidential information.
Strengthen supply chain security measures.
Attain high levels of performance and quality.

Phases of a TPRM program:

Phase 1: Risk Identification involves pinpointing possible risks from third-party engagements.

Phase 2: Risk Assessment focuses on evaluating identified risks, understanding their potential impact and the probability of occurrence.

Phase 3: Risk Mitigation involves creating strategies to manage and control risks, reducing negative impacts on operations, objectives, or projects.

Phase 4: Risk Evaluation involves ongoing analysis of the risk environment and the effectiveness of implemented mitigation strategies.

Phase 5: Risk Monitoring involves tracking risks and assessing the effectiveness of mitigation strategies to ensure alignment with objectives.
Key components of a TPRM program:

Risk Assessment: Evaluate vendors' security practices, reputation, and financial stability.

Contractual Agreements: Establish contracts outlining expectations, requirements, and obligations related to risk management.

Ongoing Monitoring: Regularly assess vendor performance and security procedures.

Due Diligence: Conduct background checks and review legal documents to assess vendor reliability.

Incident Response: Establish protocols for addressing security breaches associated with third-party vendors.
Categories of third-party risk:

Reputation Risk: Negative public opinion affecting the company's reputation.

Information Security Risk: Unauthorized access to, or manipulation of, information.

Strategic Risk: Business decisions not aligned with strategic goals.

Operational Risk: Loss due to internal or external process failures.

Compliance Risk: Violations of laws, rules, or internal policies.
Best practices:

Spend time on the foundational elements.
Monitor your suppliers continuously.
Utilize automation wherever possible.
Think beyond cybersecurity risks.
Prioritize your vendor inventory.
Look at it as a lifecycle.
The vendor lifecycle:

Ensure a clear definition of the inclusions and exclusions in the vendor engagement process.
Assess the inherent risk and criticality before engaging with a vendor.
Determine and minimise the residual risk through effective strategies.
Manage vendor selection and contracts, including monitoring SLAs.
Continuously monitor vendors for new risks and be prepared to address issues.
Consider termination processes for every vendor engagement.
How do we conduct a third-party risk management program?

Take into account the potential risks linked with every third-party relationship.

Recognize that predefined risk categories may not be universally applicable.

Build a robust risk management strategy tailored to the unique dynamics of each third-party engagement.

Set specific risk criteria tailored to each TPRM program engagement.

Evaluate providers holistically to conduct a comprehensive risk assessment.

Conduct a meticulous evaluation of the vendor's business practices and specific products or services.

Utilize a standardized third-party risk management framework for consistency and objectivity.

Apply the framework meticulously to enable systematic and effective risk management analysis.

Assess the impact on company reputation, adherence to legal and ethical practices, reliability of customer service, and overall financial stability.

Zoom in to the product or service level for granular examination.

Consider factors like safety, learning curve, pricing structures, and compliance with data privacy and reporting laws.

Make informed decisions on commercial engagements aligned with the company's objectives.

Scrutinize business and product facets for potential risks.

Consider forming a specialized cross-functional team to conduct a comprehensive risk assessment, involving representatives from each relevant department.

Consult with specialists from different departments within your organization to gain insights into third-party relationships and associated risks.

Collaborative effort helps ensure a thorough and efficient risk evaluation process.

Tapping into diverse expertise enhances the accuracy and thoroughness of estimates for third-party risk management.

Perform comprehensive risk assessments for all potential partners, regardless of their size or the nature of their services.

Consider potential risks even for seemingly mundane services, as they could introduce risks to your business.

Evaluate each vendor, whether formal or informal, to proactively identify and mitigate potential risks.

Adopting a proactive approach ensures business integrity and security, acting as a safeguard against unexpected third-party challenges.

Assess the "business effect rating" for each vendor to gauge its significance to your business.

Establish a structured framework to expedite evaluations and ensure a tailored approach to risk management.

Categorize vendors into high-, medium-, or low-risk levels based on predetermined criteria.

Assess the appropriate level of due diligence needed for vendors based on their respective risk levels.

After assessing vendor risk, create a tailored risk management plan.

Anticipate and strategize for potential risk scenarios.

Delineate the precise duties and responsibilities of the plan.

Assign a specific person or role to each aspect of the plan.

Use risk management and compliance software as a proactive playbook for swift execution of predefined strategies.

Stay updated on regulatory changes related to privacy, environmental restrictions, labor laws, and tax regulations.

Evolve the plan with the changing landscape of vendor engagements and risk profiles for effective risk mitigation.

Regularly assess vendors to ensure their compliance with evolving standards.

Regularly evaluate vendors to ensure their practices align with your needs and expectations.

Cut ties with vendors unwilling to modernize processes and adapt. Proactively align with regulations for sustained vendor risk management and business resilience.

Consider the vendor's risk level when determining the frequency of evaluations.

Ongoing oversight and due diligence help maintain secure and mutually beneficial business connections.

To ensure long-term profitability and mutual benefit for all parties involved, it is essential to adapt to the ever-changing nature of vendor relationships.
