Assessment overview

Evaluate and determine the risk exposure with your third parties and ecosystem.

With 3rdRisk, you can systematically evaluate and determine the risk exposure with your third parties and ecosystem. Create, schedule, perform and monitor generic or tailor-made, third-party risk assessments for all your third parties.

Process

The assessment module contains 5 different steps:

Create/select an assessment template
Create an assessment
Fill in the assessment
Review assessment
Finish and close the assessment

Per step, there is a dedicated support page:

Step	High-level activity	Responsible	Docs page
1. Create/select an assessment template	- Select one more available questionnaire templates from the store. - or upload your questionnaire.	Risk officer / Risk manager / Procurement manager	Assessment template Store
2. Create an assessment	- Select third-party, deadline and applicable requirements. - Select the questionnaire, specific domains and reviewer(s).	Risk officer / Risk manager / Procurement manager	Create assessment
3. Fill in the assessment	- The third party will receive an email invitation for the 3rdRisk assessment portal to fill in the assessment. - The third party fills in the assessment and submits the response. - The third party will receive an email confirmation that the assessment has been completed.	Third-party	Fill in assessment
4. Review assessment	- Reviewer(s) will receive an email that the assessment is ready for review. - Reviewer reviews all questionnaires and closes review when there are no more outstanding questions. - Risk manager/risk officer can register one or more incidents or risks based on assessment results.	Reviewer	Review an assessment
5. Finish & close assessment	- Platform closes and archives assessment. - Third-party and his/her business-/contract owner and procurement manager will receive an email to confirm that the assessment is finished and closed.	Third-party / Reviewers / Business manager / Risk manager / Risk officer	Review an assessment

Communication flows

In the assessment module, there are various automated e-mails sent by the platform:

Process step	Message	When	To
2. Create an assessment	Invite for a 3rdRisk assessment	Automatically generated and sent when you create an assessment.	External E-mail address for 3rdRisk assessments (from Third-party catalogue record)
3. Fill in the assessment	Not yet a response and almost overdue	4 days before the due date	External E-mail address for 3rdRisk assessments (from Third-party catalogue record)
	Overdue / assessment is cancelled.	Past due date	External E-mail address for 3rdRisk assessments (from Third-party catalogue record) Internal Assessment creator
	Confirmation that assessment was successfully submitted	When assessment submitted	External E-mail address for 3rdRisk assessments (from Third-party catalogue record) Submitter e-mail address
4. Review assessment	Assessment ready for review	When assessment submitted	Internal All reviewers
5. Finish & close assessment	Review successfully performed	When the review was successful	External E-mail address for 3rdRisk assessments (from Third-party catalogue record) Submitter e-mail address Internal Business/contract owner All involved reviewers Third-party manager Security Officer

Known limitations of the assessment management module
Is it not yet possible to have nested / dependency between answers to questions