How to measure Control Compliance with Third Party Risk Assessment?

meghashree
Tera Contributor

‎06-28-2024 06:06 AM

Hi All,

 

 I am looking for ssome teps to drive control compliance using thirdparty risk assessment.  I want to know what are the process inorder to mark control compliant or non compliant based on third party risk assessment.  . I have tried mapping control objective to thrid party questionarre template and tried taking one assessment. After completion i don't see status or issue generated based on response. 

Can anyone help me with this please?

 

Any help is much appreciated!

Thank you

Meghashree

@Community Alums 

0 Helpfuls
  • 706 Views
5 REPLIES 5

RhJ
Kilo Contributor

‎06-28-2024 06:17 AM

Hi Meghashree,

 

To drive control compliance using third-party risk assessment, here are some steps you can follow:

 

  1. Define Control Objectives: Clearly define the control objectives that you want to assess for compliance using third-party risk assessments.

  2. Mapping Control Objectives: Map these control objectives to the questions or sections in your third-party questionnaire template. Ensure that each control objective is addressed appropriately.

  3. Conduct Assessments: Administer the third-party risk assessments to your vendors or third parties. Ensure that they understand the questions and provide accurate responses.

  4. Evaluate Responses: Once assessments are completed, evaluate the responses against your defined control objectives. This involves reviewing the answers provided and determining whether each control objective is compliant or non-compliant based on the responses.

  5. Generate Status or Issues: Use your governance or risk management platform (like ServiceNow) to track the status of each control objective. You can configure the system to automatically generate issues or flag non-compliant control objectives based on predefined criteria.

  6. Follow Up: Communicate any non-compliance findings with the relevant stakeholders and work towards remediation or mitigation as needed.

By following these steps, you can effectively drive control compliance using third-party risk assessments. If you're not seeing status updates or issues generated, review your assessment configuration and ensure that it aligns with your compliance tracking requirements.

 

Hope this helps!

0 Helpfuls

Simon Hendery
Kilo Patron
Kilo Patron
In response to RhJ

‎06-28-2024 11:34 AM - edited ‎06-28-2024 11:35 AM

Hi @RhJ - Please don't paste ChatGPT answers. They're seldom helpful and this one certainly isn't.

0 Helpfuls

SwapnilKumar
Tera Contributor

‎06-30-2024 01:22 PM

Hi @meghashree 

 

Hope you are doing well!

 

You need to map control objective to assessment metric and you need to tell the system, which is the right response in the metric form as shown in picture, so once third party provides incorrect response, system will automatically fails(update compliance to non-compliant and generate issue) the associated control with vendor

SwapnilKumar_1-1719778929046.png

 

Please find the response as helpful if my response is correct.

0 Helpfuls

meghashree
Tera Contributor
In response to SwapnilKumar

‎07-01-2024 12:04 AM

Hi @SwapnilKumar 

 

Thank you for the response. I have tried same steps mentioned  but i don't see issue getting created or status being changed on control. Is there any configurations or issue rules we need to define ?

 

Thank you!

Meghashree

0 Helpfuls