Governance Domain
Third Party Governance
Vendor governance across the full lifecycle, with ownership assigned at every stage.
Part of Regulatory, Privacy & Third-Party
Overview
Third-party risk is usually assessed once, at onboarding, and rarely revisited. This covers the full lifecycle: risk segmentation by criticality, proportional assessment criteria, and monitoring that catches drift between contracted and actual practice.
Focus Areas
- Vendor risk segmentation
- Lifecycle ownership from onboarding to exit
Related Insights
Third Party Governance · January 1, 2026Point of View
The Third-Party Accountability Gap
Most third-party risk programmes are strongest at onboarding and weakest at everything after. That gap is where the actual risk lives.
5 min read
Third Party Governance · January 1, 2026Briefing
Third-Party Risk in Regulated Sectors
Regulated organisations carry vendor risk differently: the obligation does not transfer with the contract.
4 min read