Glossary
Third-Party Risk Assessment
Definition
An evaluation of a vendor's security, financial, regulatory, and operational risk before or during the relationship.
Why it matters operationally
Assessments drive tiering and control selection. Without a recorded assessment, procurement cannot explain why a vendor received lighter or heavier scrutiny.