Third Party Risk Assessment Policy Template for United States


Key Requirements prompt example (Third Party Risk Assessment Policy):

"I need a Third Party Risk Assessment Policy for our fintech startup that focuses heavily on data security and regulatory compliance, particularly for vendors who will have access to our payment processing systems and customer data, to be implemented by March 2025."

Document background

The Third Party Risk Assessment Policy is essential for organizations operating in the United States that rely on external vendors and service providers. It has become increasingly important as regulators scrutinize vendor relationships more closely (see the legal definitions below) and as organizations must manage larger and more layered vendor ecosystems. The policy helps an organization meet its obligations under federal and state regulations while protecting against operational, financial, reputational, and compliance risks introduced by third parties. It typically sets out a risk assessment methodology, due diligence requirements, ongoing monitoring procedures, and compliance controls.

Suggested Sections

1. Purpose and Scope: Defines the objectives and applicability of the policy

2. Definitions: Key terms and concepts used throughout the policy

3. Roles and Responsibilities: Defines who is responsible for various aspects of third-party risk management

4. Risk Assessment Process: Details the methodology for assessing third-party risks

5. Due Diligence Requirements: Outlines required vendor evaluation procedures

6. Risk Monitoring and Review: Procedures for ongoing monitoring and periodic review of third-party risks

7. Reporting Requirements: Requirements for internal reporting and escalation procedures

8. Policy Compliance: Enforcement and compliance requirements for the policy

Optional Sections

1. Industry-Specific Requirements: Additional requirements specific to regulated industries such as financial services, healthcare, or government contractors

2. International Considerations: Special requirements and considerations for international third-party relationships

3. Technology and Cybersecurity Requirements: Specific requirements for third parties with access to systems or sensitive data

4. Subcontractor Management: Requirements for managing fourth parties (subcontractors of third parties)

5. Emergency Management Procedures: Procedures for managing third-party relationships during emergencies or business disruptions

Suggested Schedules

1. Risk Assessment Template: Standardized template for conducting third-party risk assessments

2. Due Diligence Questionnaire: Standard questionnaire for vendor evaluation and assessment

3. Risk Classification Matrix: Framework for categorizing and scoring vendor risk levels

4. Compliance Checklist: Checklist of regulatory compliance requirements for third parties

5. Vendor Management Procedures: Detailed procedures for ongoing vendor relationship management

6. Regulatory Requirements Summary: Summary of applicable laws and regulations affecting third-party relationships

Authors

Alex Denne

Head of Growth (Open Source Law) @ Genie AI | 3 x UCL-Certified in Contract Law & Drafting | 4+ Years Managing 1M+ Legal Documents | Serial Founder & Legal AI Author

Relevant legal definitions

Sarbanes-Oxley Act (SOX): Federal law that establishes requirements for financial reporting and corporate governance, including internal controls that may affect third-party relationships.

Federal Information Security Modernization Act (FISMA, originally the Federal Information Security Management Act of 2002): Legislation that defines a comprehensive framework for protecting federal government information, operations and assets; it applies to federal agencies and to contractors and other third parties that operate information systems on their behalf.

Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to explain their information-sharing practices and protect sensitive customer data, including data shared with third parties; its Safeguards Rule expressly requires institutions to oversee service providers by selecting capable ones, requiring safeguards by contract, and periodically assessing them.

Health Insurance Portability and Accountability Act (HIPAA): Establishes standards for protecting protected health information (PHI), including requirements for business associates and third-party vendors that handle PHI, who must be bound by a business associate agreement (BAA).

Foreign Corrupt Practices Act (FCPA): Anti-corruption law that prohibits the payment of bribes to foreign officials and requires proper accounting practices, affecting third-party due diligence.

Bank Secrecy Act (BSA): Requires financial institutions to assist government agencies in detecting and preventing money laundering, including monitoring third-party activities.

USA PATRIOT Act: Expands BSA requirements and establishes anti-money laundering programs, including due diligence requirements for third-party relationships.

Payment Card Industry Data Security Standard (PCI DSS): Contractual industry standard (not a statute) for organizations that store, process or transmit payment card data, including requirements to maintain a list of third-party service providers, confirm their compliance status, and document which requirements each provider is responsible for.

NIST Cybersecurity Framework: Voluntary framework of cybersecurity guidance for organizations to better manage and reduce cybersecurity risk; version 2.0 (2024) adds a Govern function that includes cybersecurity supply chain risk management covering suppliers and third parties.

FFIEC Guidance: Provides guidance for financial institutions on third-party risk management, including vendor due diligence and ongoing monitoring.

California Consumer Privacy Act (CCPA): State law that enhances privacy rights and consumer protection for California residents, affecting how organizations and their third parties handle personal data.

General Data Protection Regulation (GDPR): EU regulation that may apply when handling EU resident data, including specific requirements for third-party data processors (Article 28 mandates a written contract with each processor and due diligence on the processor's technical and organizational measures).

OCC/FRB/FDIC Guidance: Regulatory guidance from the federal banking regulators on managing third-party relationships and associated risks, currently the 2023 Interagency Guidance on Third-Party Relationships: Risk Management, which covers planning, due diligence, contract negotiation, ongoing monitoring and termination.

Uniform Commercial Code (UCC): Standardized set of laws governing commercial transactions, including contracts with third parties.

NY DFS Cybersecurity Regulation (23 NYCRR Part 500): New York regulation requiring covered financial services entities to implement comprehensive cybersecurity programs, including written third-party service provider policies, due diligence and periodic assessment of those providers.

SEC Cybersecurity Requirements: Securities and Exchange Commission rules (adopted 2023) requiring public companies to disclose material cybersecurity incidents and to describe their cybersecurity risk management, strategy and governance, including how risks from third-party service providers are identified and managed.
