Third-Party Risk Management Playbook – Excel XLSX

Third-Party Risk Management Playbook

64 professional files (6 PDFs + 58 Excel workbooks) | 349+ spreadsheet tabs | 2,730+ rows of structured content | 11 organised folders

Your organisation's risk surface extends far beyond what you directly control. Every vendor, supplier, and fourth-party relationship introduces risk that regulators increasingly expect you to manage with the same rigour as internal operations. From OCC heightened standards to DORA's ICT third-party provisions, regulatory pressure is intensifying. This playbook gives you the complete toolkit to build or mature a TPRM programme that satisfies regulators and actually reduces risk.

WHAT YOU GET: A THREE-PHASE JOURNEY

Phase 1: Diagnose. Seven domain assessments (30 questions each, 210 total) evaluate TPRM maturity across governance, risk assessment, due diligence, contract management, ongoing monitoring, concentration risk, and exit planning.

Phase 2: Set Goals. Five PM template workbooks with programme design roadmaps, risk tiering matrices, remediation trackers, and implementation milestone plans.

Phase 3: Implement. Nine operational runbooks covering the full third-party lifecycle from initial assessment through ongoing monitoring to termination and transition.

7 DOMAIN ASSESSMENTS (210 QUESTIONS)
•  TPRM Governance and Programme Structure
•  Risk Assessment Methodology and Tiering
•  Due Diligence and Onboarding
•  Contract Management and Risk Provisions
•  Ongoing Monitoring and Reassessment
•  Concentration Risk and Fourth-Party Management
•  Exit Planning and Transition Management

9 OPERATIONAL RUNBOOKS
•  Third-Party Risk Tiering and Inherent Risk Assessment Template
•  Due Diligence Questionnaire Suite (InfoSec, BCM, Financial, Compliance)
•  Contract Risk Provision Checklist and Negotiation Guide
•  Ongoing Monitoring Dashboard Design and KRI Definition Workbook
•  Third-Party Incident Response and Escalation Protocol
•  Concentration Risk Analysis and Mitigation Planning Template
•  Fourth-Party Mapping and Sub-Outsourcing Visibility Checklist
•  Vendor Exit and Transition Planning Runbook
•  TPRM Regulatory Examination Preparation and Evidence Checklist

WHO THIS IS FOR: TPRM Programme Leaders, Chief Risk Officers, Procurement Leaders, Internal Audit, CISOs, and GRC Consultants.

Aligned with OCC 2013-29, Fed SR 13-19, DORA, ISO 27036, NIST SP 800-161r1, Shared Assessments SIG, and APRA CPS 234.

Instant download. Start your programme maturity assessment today.