Create New Third-party engagement form

  • Release version: Australia
  • Updated May 15, 2026
  • 3 minutes to read

    • Use the create new third-party engagement form to capture all the information that you need to create a third-party engagement record in Digital resilience third-party registers using Third-party Risk Management. As a third-party risk assessor you can create a third-party engagement record.

    Table 1. Create New Third-party engagement form
    Field Description
    Name Unique name for the engagement. Ideally, mention the product or service that is the subject of the engagement.
    Third party The third party for whom you are creating this engagement record.
    Type Type of product or service to be provided by the engagement organization.
    Start date Enter start and end dates to define how long the engagement is valid.
    End date Preferred dates for the beginning and end of interactions with the third party.
    Status

    Select the current status of the engagement. Available options are:

    • Active
    • Onboarding
    • Prospect
    • Active unauthorized
    • Terminated
    • Onboarding rejected
    Risk rating Displays the risk rating assigned to the engagement after an assessment has been performed.
    Engagement tier The tier used for this engagement.
    Annual spend The annual monetary spend associated with this engagement's services.
    Engagement manager Specify the person who will monitor, prioritize, and act on responses to external questionnaires, issues, and tasks. Select the lock to lock/unlock the field.
    Business owner Specify the person who is familiar with the engagement organization and the product or services that will be engaged. Select the lock to lock/unlock the field.
    Notes Enter text that describes the engagement to other users.
    Third-party engagement: Contact
    Street, City, State/Province, ZIP/Postal code, Country, Phone, Fax

    Standard contact information for the engagement organization.
    Latitude and Longitude

    The Latitude and Longitude values are used to mark the location on the Risk concentration map. See TPRM Risk concentration map.
    Risk ratings
    Computed risk rating

    Calculated Computed risk rating. This field is auto-filled.

    The value is overall risk rating for the third party, calculated after the assessment by rolling up all of the TPR assessors' risk ratings.
    Override risk rating

    Option to override the computed rating.

    If you select the check box, then specify the following values:
    • Overridden risk rating: Select the new risk rating.
    • Overridden on: Date that overridden risk rating or justification is updated.
    • Justification: Enter the reason for overriding the value.
    Overridden risk rating Rating that has been manually changed by a user, overriding the rating that was calculated by a system. Available options are:
    • 1 - Very High
    • 2 - High
    • 3 - Moderate
    • 4 - Low
    • 5 - Very Low
    Overridden on Date that overridden risk rating or justification is updated.
    Justification Reason for overriding the value.
    Assessment risk rating Risk rating for the assessment. This field is auto-filled.
    Engagement risk rating Risk rating for the engagement. This field is auto-filled.
    Subsidiary risk rating Risk rating for the subsidiary. This field is auto-filled.
    Risk intelligence rating Score that corresponds to the likelihood and consequence of a risk event. This field is auto-filled.
    Related lists on the form
    Engagement contacts Engagement contacts for the third-party engagement.
    Business services Business services related to the third-party engagement.
    Tiering assessments Tiering assessments for the third-party engagement.
    Repeating assessments Repeating assessments for the third-party engagement.
    Note:
    You can create repeating assessments if you are using the classic assessment engine. You can configure rules that auto-generate and send questionnaires and doc requests to engagements and third parties using the Event-driven management feature if you are using the Smart Assessment Engine. For more information, see Configure a risk assessment to recur on a schedule and Event-driven management — automate assessment processes.
    Assessments Assessments for the third-party engagement.
    Third-party risk areas Risk areas related to the third-party engagement.
    Issues Issues related to the third-party engagement.
    Tasks Tasks related to the third-party engagement.
    Entity types Entity types related to the third-party engagement.
    Digital resilience information Digital resilience information for the third-party engagement. You can add the following parameters:
    • Name
    • Third party
    • Identification code of ICT third-party service provider
    • Type of code to identify the ICT third-party service provider
    • Name of the ICT third-party service provider