Several user groups are created when you activate the TPRM app. In this procedure, you add users to each group. The roles mentioned in this procedure are described in Roles in Third-party Risk Management.

There’s an important practical result of including all users with a particular role in a group: Your risk management process isn’t affected when one or more members of the group are unavailable due to vacation, for example.

Due diligence request assigners

Group members have the Third-party risk (TPR) assessor [sn_vdr_risk_asmt.vendor_assessor] role.

Each member receives email notification of new requests for due diligence. For requests in the New or Unassigned state, no one has been specified in the Assigned to field. Any group member can assign or be assigned to a request.

The individual who owns an assessment for audit purposes and monitors and manages overall assessment processes. The owner is responsible for confirming that the assessment is completed in a timely fashion by the third party, reviewing their responses, and creating and resolving issues. To drive the assessment to its completion, they are notified when an assessment reaches a particular milestone. They must have the TPR manager or TPR assessor role.

Third-party Risk Managers

Group members have both the TPR approver role [sn_vdr_risk_asmt.approver] and the TPR manager role [sn_vdr_risk_asmt.vendor_risk_manager].

Members can monitor and manage overall due diligence processes and approve new requests for due diligence.

Third-party Risk Reviewers (External assessment reviewers)

Group members have the Third-party assessment reviewer role [sn_vdr_risk_asmt.vendor_assessment_reviewer].

Members can monitor and manage interactions with third-party contacts during external due diligence processes.

Contract risk negotiators

Group members have the Contract risk negotiator [sn_vdr_risk_asmt.contract_negotiator] role.

Members work in the contract risk process.