Integrating Third-party Risk Management with Risk Management
Integrating Risk Management with Third-party Risk Management lets you model enterprise risks and use third‑party assessments to dynamically update risk posture and scores for third parties and engagements. Optional TPRM rules can trigger assessments or remediation work when risks change.
If you have the Risk Management and Third-party Risk Management applications installed:
Third parties and engagements can be represented as entities in Risk Management (for example, using an entity type such as Vendors), enabling consistent association of risk statements and scoring.
In Third-party Risk Management, when a questionnaire sent to a third party or an engagement is answered, assessment ratings are calculated and then rolled up to the associated third party and engagement, updating their risk posture and scores.
Responses dynamically update risk posture and scoring at the assessment level, and scores aggregate to the third party and engagement according to the configured rollup method (MIN, MAX, or AVG). Both Risk Management users and third‑party risk assessors can monitor risk status.
Optionally, TPRM rules (such as provider‑based submission rules) can trigger assessments or create issues/tasks and send notifications when external risk‑intelligence ratings change.
For more information on implementing Risk Management, see Risk Management implementation.