Third-party risk management assessment
Gauge the maturity of your third-party risk management program, and leave with your priorities.
≈ 5 minutes · no sign-up
A vendor questionnaire is not enough. Answer the 18 statements below based on your real situation. Your score and priorities are computed instantly in your browser; no answer is stored and nothing is sent anywhere.
1. Third-party inventory
2. Tiering
3. Assessment and evidence
4. Contracts
5. Continuous monitoring
6. Lifecycle
FAQ
What is third-party risk management?
Third-party risk management (TPRM) is the set of practices used to identify, assess and monitor the risks introduced by your suppliers, providers and partners.
Why does it matter?
A growing share of incidents comes from third parties. Your vendors extend your attack surface to systems you do not directly control.
Isn't a questionnaire enough?
No. A questionnaire is self-reported and quickly stale. It must be combined with external evidence and continuous monitoring.
What is fourth-party risk?
Your third parties have their own third parties. Fourth-party risk and concentration on a few shared providers can expose you without direct visibility.
Is this assessment a full program?
No. It is a starting point to gauge your maturity and prioritize your actions, not a full program.