Professional Documents
Culture Documents
THIRD PARTYRISK
RISK MANAGEMENT
MANAGEMENT TOOLKIT
TOOLKIT
The VRMMM Tool can be an integral part of your TPRM risk management program. The VRMMM Tool provides a methodology to create risk metrics that can be
quantified, compared over time, and integrated with the organization’s overall enterprise risk management program. The Tool provides objective measurements
that evaluate an organization’s TPRM program practice maturity, which can be used for internal planning, executive management reporting, and building the
business case for investment in the company’s TPRM Program.
Maturity Levels: Within the VRMMM Tool, the Maturity Level Ranking worksheet provides detailed descriptions of program attributes to enable each organization
to identify the level of process maturity for each TPRM program category. Organizations select the description that most accurately represents their current
maturity level. Maturity Level descriptions are included for quick reference when using the Executive Summary Reporting Templates in management reporting.
Target Maturity Levels: An organization may structure their TPRM program based on the organization’s defined risk tolerance, on industry expectations, or on other
combinations of factors relevant for that organization’s unique risk posture. Within the VRMMM Tool, the organization can identify their desired maturity level by
selecting their Target Maturity Level. At its option, an organization may use Target Maturity levels to set goals for program improvements over a specified period of
time. Not all organizations will be utilizing Target Maturity levels, though it is an encouraged practice. An organization’s overall approach to third party risk can be
influenced by the internal and external environment so that both Current and Target Maturity levels may change over time.
Please see the VRMMM User Procedure Guide in your VRMMM Tool download file for more information on how to establish and use Target Maturity Levels.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 2 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
VRMMM TOOL AND DASHBOARD REPORTING:
The VRMMM Tool contains a dashboard that summarizes the progress or status of completion of the TPRMTHIRD ProgramPARTY RISK The
Assessments. MANAGEMENT
VRMMM Tool offers a multi-
dimensional view for evaluating a TPRM Program. Assessment results can identify the overall state of maturity based
TOOLKIT at the TPRM Program Category, TPRM Program
Attribute, or based upon individual TPRM Program Detailed Criteria. Assessment results are displayed in the Tool and on the Dashboard for each for each summary
section of the program evaluation or assessment.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 3 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
This document provides a set of Sample Executive Summary Reporting Templates that can be leveraged toTHIRD include PARTY RISK
assessment MANAGEMENT
results in TPRM management
reporting, risk metrics, and risk dashboards. The formatted data tables and charts in each sample Template TOOLKIT
are populated with mock data. These tables can be found
in the accompanying VRMMM Executive Summary Data Tables Excel spreadsheet.
You can edit these tables to include your own data in the spreadsheet and replace the charts or tables in the sample Report Templates. As data is entered into the
VRMMM tool, the tool automatically color-codes each TPRM Program Category, Attribute, and Detailed Criteria according to whether the organization meets-or-
exceeds its desired maturity level, or whether the organization is one or more levels away from meeting its identified Target Maturity. Drop downs choices in the
Reporting Templates offer a similar functionality.
The first set of templates in the Excel samples provide short summary tables and action planning heat maps without reference to Target Maturity:
Sample Executive Summary Template 3 – TPRM Program Maturity Year over Year Comparisons
TPRM Programs can change over time. This template enables the organization to show progress and changes on program maturity with multiple year results.
This format may work for you if you need to provide focus on managing changes to the environment that require the organization to adapt its TPRM program
to respond to those changes.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 4 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Sample Executive Summary Template 4 – TPRM Self-Assessment using Peer Benchmarking
This template utilizes a benchmarking option based on incorporating results from Shared Assessments’ THIRD TPRMPARTY RISK Survey
Benchmark MANAGEMENT
studies. An organization can
compare their assessment results based on the aggregated results published in the study. An organization
TOOLKIT can also utilize data from the report for peer
industries or types of organization to evaluate itself against a peer. These comparisons can help tell a story to assist in business case development for
strengthening TPRM programs.
Sample Executive Summary Template 5 - Findings or Process Improvement Focus Based upon TPRM Program Attributes
Template 5 is configurable for the organization to identify the key attributes or criteria that demonstrated the lowest maturity levels in the evaluation process.
This enables the organization to reflect on specific actions or recommendations for process improvement. This format provides transparency in management
reporting and flexibility in sharing the results by assessment focus area. The rating tables shown here are only examples. Your findings criteria should be based
on your risk management priorities and VRMMM results.
The second set of templates includes tables and sample charts for organizations that are using Target Maturity levels. The sample templates can assist organizations
that are in the throughout its stages of building, running, and measuring a program by setting specific desired maturity levels to see current practice maturity against
Target Maturity levels.
Sample Executive Summary Template 6 – TPRM Program Components Self-Assessment Results with Target Maturity
This template utilizes the same scoring mechanism based on the percent of correctly implemented controls as Template 1; however, this template shows the
Target Maturity and the number of Criteria included in each program category. This format provides transparency in management reporting and flexibility in
sharing the results by assessment focus area.
Sample Executive Summary Template 7 - Risk Rating and Action Planning and TPRM Business Case Development
This template enables sharing the results of the self-assessment, enables the organization to add a risk rating to each category based on their analysis of
results and identify key action steps. This Template can supplement an organization’s dashboards, scorecards, or third party risk reports to management. The
rating tables shown here are only examples. Your findings criteria should be based on your risk management priorities and VRMMM results.
Sample Executive Summary Template 8 - Target Maturity Findings or Process Improvement Focus Based upon TPRM Program Attributes
This set of templates provide a summary based on the lifecycle of a TPRM Program. The Template organizes sample charts for TPRM Program Categories
involved in building, running, and measuring a TPRM Program. Template 8 is configurable for the organization to identify the key attributes or criteria that
demonstrated the lowest maturity levels in the evaluation process. This enables the organization to reflect on specific actions or recommendations for process
improvement. Charts included in this template may be useful for organizations in the early stages of formalizing their approach to third party risk or for those
organization that are expanding or growing their TPRM program, especially in light of changes in the regulatory landscape. This format identifies best
practices, including continuous monitoring and focus on external assurance. This template may be useful for organizations with maturity programs to foster
ideas on how to maximize results and risk mitigation with enhanced monitoring and oversight.
Within the VRMMM Tool, the Maturity Level Ranking Guide worksheet provides detailed descriptions of program attributes to enable each organization to rank by
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 5 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
maturity level each TPRM program category. When reporting results or incorporating results into Management Reporting, this summary description is provided as
reference material. THIRD PARTY RISK MANAGEMENT
TOOLKIT
Definitions of the VRMMM Maturity Levels
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 6 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
SAMPLE REPORT LANGUAGE
THIRD PARTY RISK MANAGEMENT
Sample Executive Summary Reporting Template 1 – TPRM Program Components Self-AssessmentTOOLKIT
Results
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management Program. ABC Company’s vendor risk management
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. Table 1 summarizes the total number of requirements evaluated for each TPRM Program Category.
Table 2 reflects the assessment results demonstrating the depth and breadth of the TPRM Program Assessment showing the content breakdowns for each TPRM
component. After a review of the TPRM program and the controls in place, we found 3 TPRM Program Categories with High risk ratings, 3 Medium and 2 Low risk
ratings based on our TPRM Program evaluation for 2022.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 7 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Table 1: Summary Table for all VRMMM Program Components
THIRD PARTY RISK MANAGEMENT
TOOLKIT
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 8 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Chart 1: Scope of TPRM Program Evaluation by Program Category
THIRD PARTY RISK MANAGEMENT
ABC COMPANY TPRM Program Requirements Evaluated
TOOLKIT
20% 17%
16%
14% 13%
15% 13%
11%
10% 8% 8%
5%
0%
Content Percentage
Sample Executive Summary Reporting Template 2 – Risk Rating and Action Planning
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management Program. ABC Company’s vendor risk management
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. After a review of the TPRM program and the controls in place, we found 3 High risk ratings, 3
Medium and 2 Low risk ratings based on our TPRM Program evaluation for 2022. For each TPRM Program Category the participants categorized the improvements
needed based on the level of effort for corrective action measures as noted in Table 1. Based upon the current maturity levels, the investments needed in the
TPRM program based on changes in people, process, or technology are noted in Table 2. The below charts provide a visual representation of risk ratings of findings
and level of effort which will be shared with the company internal audit function and will be included in management reporting for senior leadership.
ABC Company has completed this type of review each year as part of its annual risk assessment process
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 9 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Table 1: Risk Rating and Action Planning
THIRD PARTY RISK MANAGEMENT
TOOLKIT
Charts Associated with Template 2: Findings by Risk Rating and Level of Effort
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 10 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
ABC Company Findings by Risk Rating ABC Company Findings by Level of Effort
THIRD PARTY RISK MANAGEMENT
TOOLKIT
2
3
# of High Risk # Medium Risk # Low Risk # of High LOE # Medium LOE # Low LOE
Sample Executive Summary Template 3 – TPRM Program Maturity Year over Year Comparison
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management Program. ABC Company’s vendor risk management
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. Specific action plans were identified in the self-assessment process for areas of process
improvement. ABC Company has completed this type of review each year as part of its annual risk assessment process. Comparisons to changes in TPRM program
maturity is reflected in Table 1 from 2019-2022. Chart 1 provides a visual representation of the changes in TPRM Program maturity over time for each TPRM
Program Category. Internal and external factors influenced maturity over the four-year period. Examples of these changes included:
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 11 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Table 3: ABC Company TPRM Program Maturity Year over Year Comparison
THIRD PARTY RISK MANAGEMENT
TOOLKIT
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 12 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Sample Executive Summary Template 4 – TPRM Self-Assessment using Peer Benchmarking
THIRDProgram.
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management PARTYABC
RISK MANAGEMENT
Company’s vendor risk management
TOOLKIT
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. ABC Company has completed this type of review each year as part of its annual risk assessment
process. After completion of the TPRM Program evaluation, ABC Company compared assessment results to aggregated results provided in the Shared Assessments
Vendor Risk Benchmarking Study. Maturity assessment results by TPRM Program Category are shown in Table 1 for 3 identified Peer Comparison companies. A
visual representation of the Peer comparison is noted in Table 2, which will be included in the update for management.
Based upon the analysis of the Peer comparison and aggregated study results, ABC Company has established a future state or desired maturity level for each TPRM
Program Category. The Target Maturity will be used to identify the resources needed to address improvements to meet both desired maturity levels but to
improve performance in peer comparisons. Chart 2 provides a scorecard to be shared with the Board of Directors and its Risk Committee of these goals and
strategies to enhance the company’s approach for third party risk management.
Table 1: TPRM Self-Assessment Results using Peer Benchmarking and/or Target Maturity
2019 Benchmarking Study Result
Highlights:
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 13 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Chart 1: TPRM Self-Assessment using Peer Benchmarking
THIRD PARTY RISK MANAGEMENT
ABC COMPANY PEER COMPARISON
TOOLKIT
4.5
4
3.5
3
2.5
2
1.5
1
0.5
0
1.0 Program 2.0 Policies, 3.0 Contract 4.0 Vendor Risk 5.0 Skills and 6.0 Information 7.0 Tools, 8.0 Monitoring
Governance Standards, and Development, Assessment Expertise Sharing Measurements and Review
Procedures Adherence, & Process and Analysis
Mgmt.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 14 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Sample Executive Summary Template 5 – Findings or Process Improvement Focus Based upon TPRM Program Attributes
THIRDProgram.
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management PARTYABC
RISK MANAGEMENT
Company’s vendor risk management
TOOLKIT
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. After a review of the TPRM program and the controls in place, we found 3 High risk ratings, 3
Medium and 2 Low risk ratings based on our TPRM Program evaluation for 2022. ABC Company has focused its risk management based on specific findings or
process improvement areas. ABC Company recommends that a new scorecard be developed to provide ongoing monitoring for the specific TPRM Program
Attributes identified during the assessments. These focus areas will be assigned a risk owner to define and track the status of the initiatives as noted in Table 1.
Due to changes in the internal and external environment, Charts 1 & 2 show the alignment of the findings to either (1) The structure of the TPRM Program; (2) The
execution of the TPRM Program; or (3) Gaps in measuring TPRM Program performance.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 15 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
THIRD PARTY RISK MANAGEMENT
# of High Risk Risk TPRM Program Findings # of High LOE TPRM Findings
TOOLKIT
1
4
5
4
Building & Structuring the TPRM Program Building & Structuring the TPRM Program
Implementing & Running the TPRM Program Implementing & Running the TPRM Program
Measuring & Optimizing TPRM Program Results Measuring & Optimizing TPRM Program Results
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 16 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Sample Executive Summary Template 6 – Summary Table for all VRMMM Program Components/Criteria THIRD PARTY RISKwithMANAGEMENT
Target Maturity
TOOLKIT
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management Program. ABC Company’s vendor risk management
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. After a review of the TPRM program and the controls in place, we found 3 High risk ratings, 3
Medium and 2 Low risk ratings based on our TPRM Program evaluation for 2021. Table 1 provides the overall assessment results, including a summary of the total
criteria evaluated for each TPRM Program Category. Chart 1 provides a visual representation of the current maturity and the desired maturity level which will set
the foundation for process improvement initiatives.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 17 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Chart 1: TPRM Program Components Self-Assessment Results with Target Maturity
THIRD PARTY RISK MANAGEMENT
ABC Company TPRM Self-Assessment ResultsTOOLKIT
4
3
2
1
0
Sample Executive Summary Template 7 – Risk Rating and Action Planning and TPRM Business Case Development
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management Program. ABC Company’s vendor risk management
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. After a review of the TPRM program and the controls in place, we found 3 High risk ratings, 3
Medium and 2 Low risk ratings based on our TPRM Program evaluation for 2022.
A Level of Effort (LOE) analysis was quantified for the High and Medium risk ratings showing 2 High LOE and 4 Medium LOE areas of focus. Risk ratings have been
established and action plans have been defined for each area of focus as summarized in Table 1. ABC Company established a task force committee to develop the
business case needed for increased resources for the TPRM Program. The task force prioritized the action plans based on inputs from stakeholders in the line of
business and established key dates for deliverables. The results of the task force work effort are shown in Table 2 including specific planned actions.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 18 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
THIRD PARTY RISK MANAGEMENT
Table 1: Risk Rating and Action Plans TOOLKIT
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 19 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
THIRD PARTY RISK MANAGEMENT
TOOLKIT
Sample Executive Summary Template 8 - Target Maturity Findings or Process Improvement Focus Based upon TPRM Program Attributes
ABC Company initiated an internal review of the structure and components of its Third Party Risk Management Program. ABC Company’s vendor risk management
approach used standard criteria using the Shared Assessments Vendor Risk Management Maturity Model (VRMMM). This tool established a numerical score range
based on the self-assessment of each program component. The tiering of the level of maturity of the results of the assessment triggers actions based on ABC
Company’s enterprise risk management program.
The self-assessment was conducted from DAY/MONTH/YEAR through DAY/MONTH/YEAR and included XX participants, across XX locations. Participants included
management personnel, subject matter experts and control owners. Participants evaluated each specific attribute of the TPRM program and identified
opportunities for process improvement based on risk ratings. After a review of the TPRM program and the controls in place, we found 2 High risk ratings, 3
Medium and no Low risk ratings based on our TPRM Program evaluation for 2022. The TPRM Program Category or phase of the TPRM lifecycle was identified for
each of the VRMMM TPRM Program attributes. Charts 1 and 2 display the TPRM Program findings and remediation LOE based on each phase of maintaining a
TPRM Program. ABC Company took the results of the 2022 TPRM program evaluation and established a TARGET Maturity for each TPRM Program Attribute.
ABC Company’s TPRM Program requires the participation from multiple lines of business, affiliates and subsidiaries, and governance committees. Due to the
different teams involved in TPRM, ABC Company established their Target Maturity Levels for each TPRM Program Attribute and created an Assessment results
scorecard for each TPRM phase. Tables 1-3 summarize the assessment results based on the TPRM phase which can be distributed to respective teams and can be
used as the starting point for developing project and action plans to address findings.
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 20 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
THIRD PARTY RISK MANAGEMENT
Table 1: TPRM PHASE - Building a TPRM Program
TOOLKIT
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 21 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
Table 2: TPRM PHASE - Implementing a TPRM Program
THIRD PARTY RISK MANAGEMENT
TOOLKIT
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 22 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
THIRD PARTY RISK MANAGEMENT
TOOLKIT
Third Party Risk Management Toolkit: VRMMM Tool Sample Executive Summary Reporting Templates page 23 of 24
© 2021-2022. The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
© 2021-2022 The Santa Fe Strategy Center LLC, dba Shared Assessments. All Rights Reserved.
THIRD PARTY RISK MANAGEMENT
Documents created under Shared Assessments may be downloaded from the official Shared Assessments website at https://www.sharedassessments.org/
TOOLKIT
While retaining copyrights, Shared Assessments makes specific documents available to members and purchasers for the purpose of conducting self-assessments and third party security assessments. Licenses
for other uses are available from Shared Assessments. Individuals and organizations should review the terms of use prior to downloading, copying, using or modifying Shared Assessment Program documents.
This notice must be included on any copy of the Shared Assessments documents, excluding Assessors or consultants’ reports.
Shared Assessments is administered by The Santa Fe Strategy Center LLC (https://www.sharedassessments.org/). Questions about this guide should be directed towards support@sharedassessments.org If
you are interested in Shared Assessments and would like us to contact you, email us at info@sharedassessments.org .