Assessment overview

With 3rdRisk, you can systematically evaluate and determine the risk exposure with your third parties and ecosystem. Create, schedule, perform and monitor generic or tailor-made, third-party risk assessments for all your third parties.

Process

The assessment module contains 5 different steps:

Create/select an assessment template
Create an assessment
Fill in the assessment
Review assessment
Finish and close the assessment

Per step, there is a dedicated support page:

Step	High-level activity	Responsible	Docs page
1. Create/select an assessment template	- Select one more available questionnaire templates from the store. - or upload your questionnaire.	Risk officer / Risk manager / Procurement manager	Assessment template Store
2. Create an assessment	- Select third-party, deadline and applicable requirements. - Select the questionnaire, specific domains and reviewer(s).	Risk officer / Risk manager / Procurement manager	Create assessment
3. Fill in the assessment	- The third party will receive an email invitation for the 3rdRisk assessment portal to fill in the assessment. - The third party fills in the assessment and submits the response. - The third party will receive an email confirmation that the assessment has been completed.	Third-party	Fill in assessment
4. Review assessment	- Reviewer(s) will receive an email that the assessment is ready for review. - Reviewer reviews all questionnaires and closes review when there are no more outstanding questions. - Risk manager/risk officer can register one or more incidents or risks based on assessment results.	Reviewer	Review an assessment
5. Finish & close assessment	- Platform closes and archives assessment. - Third-party and his/her business-/contract owner and procurement manager will receive an email to confirm that the assessment is finished and closed.	Third-party / Reviewers / Business manager / Risk manager / Risk officer	Review an assessment

Communication flows

In the assessment module, there are various automated e-mails sent by the platform:

Process step	Message	When	To
2. Create an assessment	Invite for a 3rdRisk assessment	Automatically generated and sent when you create an assessment.	External E-mail address for 3rdRisk assessments (from Third-party catalogue record)
3. Fill in the assessment	Not yet a response and almost overdue	4 days before the due date	External E-mail address for 3rdRisk assessments (from Third-party catalogue record)
	Overdue / assessment is cancelled.	Past due date	External E-mail address for 3rdRisk assessments (from Third-party catalogue record) Internal Assessment creator
	Confirmation that assessment was successfully submitted	When assessment submitted	External E-mail address for 3rdRisk assessments (from Third-party catalogue record) Submitter e-mail address
4. Review assessment	Assessment ready for review	When assessment submitted	Internal All reviewers
5. Finish & close assessment	Review successfully performed	When the review was successful	External E-mail address for 3rdRisk assessments (from Third-party catalogue record) Submitter e-mail address Internal Business/contract owner All involved reviewers Third-party manager Security Officer

Known limitations of the assessment management module
Is it not yet possible to have nested / dependency between answers to questions