Third Party Risk Policy
Sets standards for vendor risk management and oversight.
Description
Defines how vendors and third parties are evaluated, approved, monitored, and offboarded. Covers risk tiering, due diligence requirements, contract/security requirements, data handling expectations, ongoing monitoring, incident notification requirements, and termination/offboarding controls.
Related Products
Access Control Policy
Defines access rules, approval, least privilege, and review cadence.
AI Governance Policy
Establishes governance structure, decision rights, and oversight.
AI Risk Management Policy
Sets risk principles, controls expectations, and accountability for AI.
Asset Management Policy
Controls for asset inventory, ownership, and protection.
Change Management Policy
Defines approvals and safeguards for system/process change.
Data Backup Policy
Backup requirements, testing cadence, and recovery expectations.