Is there a template to assess the vendor risk management for a company in terms of maturity?

Determining the maturity of vendor risk management in addition to the program benefit is a good component for building a business case.


  • CyberGRX is unique in that our TPRM assessment platform evaluates both maturity and effectiveness of security controls. While examining maturity in terms of People, Process, and Technology can easily demonstrate how secure your online ecosystem controls and sub-controls are, effectiveness shows how well all security controls are working for your third-party vendors.

  • I completely agree with Elbahoug. It is one thing to understand what tools and controls are implemented in an environment, but it is just as important to ensure a company has the right team with the right training and processes to use those tools. In particular, in the dynamic cyber risk environment, where the threat landscape is changing hourly, the adaptability and insight of a mature team can often be more important than the inventory of controls.

    As Pattie mentions above, CyberGRX breaks out maturity in addition to effectiveness to provide practitioners with the information necessary to make the appropriate business case decisions.