Back to Playbook Visit Our Blog

Third-Party Identification

Implement processes to identify third parties. Engage the third-party risk management team through all relationship stages – evaluation, onboarding, operation, modification, and termination.


Implement processes to identify new third parties and changes to existing third parties. 


You can’t manage what you don’t know. Identifying new third parties and changes to existing third-parties enables you to engage your risk processes. 


If you are starting a new program, analyze the vendors in the procurement database to create your initial population. Then periodically analyze the procurement database to identify venders that were missed. 

Tie into the procurement processes to engage new vendors. Hook in to the project management program and business owners to identify new third parties early and existing ones that you missed. 

Practice Status Adoption
Seed your program with active vendor records in the procurement database. Common 70%
Implement explicit procurement process gates to be included in contracting with new third parties. Common 73%
Implement explicit IT process gates to be involved in projects that require new third-parties or changes to existing third-parties. Common 37%
Build relationships with business owners to identify opportunities to support their new and existing third-party relationship needs. Pioneering 13%
Periodically analyze the procurement vendor database to identify third parties that aren’t already under management. Common 60%
Analyze network traffic logs / web activity to identify identify unmanaged third-parties. Emerging 30%