How to measure Control Compliance with Third Party Risk Assessment?
06-28-2024 06:06 AM
Hi All,
I am looking for some steps to drive control compliance using third-party risk assessment. I want to know what the process is in order to mark a control compliant or non-compliant based on a third-party risk assessment. I have tried mapping a control objective to the third-party questionnaire template and tried taking one assessment. After completion I don't see a status or issue generated based on the response.
Can anyone help me with this please?
Any help is much appreciated!
Thank you
Meghashree
@Community Alums
06-28-2024 06:17 AM
Hi Meghashree,
To drive control compliance using third-party risk assessment, here are some steps you can follow:
Define Control Objectives: Clearly define the control objectives that you want to assess for compliance using third-party risk assessments.
Mapping Control Objectives: Map these control objectives to the questions or sections in your third-party questionnaire template. Ensure that each control objective is addressed appropriately.
Conduct Assessments: Administer the third-party risk assessments to your vendors or third parties. Ensure that they understand the questions and provide accurate responses.
Evaluate Responses: Once assessments are completed, evaluate the responses against your defined control objectives. This involves reviewing the answers provided and determining whether each control objective is compliant or non-compliant based on the responses.
Generate Status or Issues: Use your governance or risk management platform (like ServiceNow) to track the status of each control objective. You can configure the system to automatically generate issues or flag non-compliant control objectives based on predefined criteria.
Follow Up: Communicate any non-compliance findings with the relevant stakeholders and work towards remediation or mitigation as needed.
By following these steps, you can effectively drive control compliance using third-party risk assessments. If you're not seeing status updates or issues generated, review your assessment configuration and ensure that it aligns with your compliance tracking requirements.
Hope this helps!

06-28-2024 11:34 AM - edited 06-28-2024 11:35 AM
Hi @RhJ - Please don't paste ChatGPT answers. They're seldom helpful and this one certainly isn't.
06-30-2024 01:22 PM
Hi @meghashree
Hope you are doing well!
You need to map the control objective to the assessment metric, and you need to tell the system which is the right response in the metric form, as shown in the picture. Once the third party provides an incorrect response, the system will automatically fail (update compliance to non-compliant and generate an issue) the associated control with the vendor.
Please find the response as helpful if my response is correct.
07-01-2024 12:04 AM
Thank you for the response. I have tried the same steps mentioned, but I don't see an issue getting created or the status being changed on the control. Are there any configurations or issue rules we need to define?
Thank you!
Meghashree