This paper is the full TPRM Blog series and is designed to help those who are writing third-party supplier questionnaires as part of a third-party risk management program.
What does the Third Party Risk White Paper Contain?
This white paper explores the five key stages for creating an effective Third Party Risk Management Questionnaire.
Following the Third Party Risk Management Webinar: How to Develop Effective Information Gathering for Third Parties, we have created a white paper that will focus on how to approach questionnaires.
The guide includes…
- How to combat assessment fatigue
- How human nature affects the reliability of your respondent’s answers
- Is quantitative or qualitative research more effective?
Here is a Preview of the White Paper
The primary mechanism by which organizations assess the threats introduced by third parties is the use of third-party risk management questionnaires or ‘due diligence’ assessments.
To be effective, this mechanism relies on two things being true:
- The questions being asked are relevant to assessing the risks
- The responder (the person providing the information on behalf of the organization being assessed) is replying truthfully and completely.
The Effectiveness of the Due Diligence Assessment
In recent years, many articles and conference speakers have challenged the effectiveness of the due diligence assessment, but unfortunately the alternatives require investment and/or alignment to a common standard. Neither has gained traction, and as such the assessment remains the most popular option. The organization asking the questions has only limited influence over the responding organization, through contractual obligations and commercial commitments.
What can we do to improve?
We must then look at how questions are being asked and whether improvements can be made. SureCloud has researched broader practices around questionnaires and surveys, as well as the psychology behind respondents, and has drafted this paper to help organizations write better questions to get better information.
Download the full white paper at the bottom of the page.
SureCloud is a provider of cloud-based, Integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk.
SureCloud connects the dots with Integrated Risk Management solutions, enabling you to make better decisions and achieve your desired business outcomes. SureCloud is underpinned by a highly configurable technology platform, which is simple, intuitive and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.