Third Party Risk

For most top-tier organizations, outsourcing key functions has become a necessary component to creating efficiencies in today’s complex economy. Organizations must develop comprehensive programs to include oversight for security, cybersecurity, technology, privacy, and business resiliency risk. Additionally, with all of the recent breaches occurring across a multitude of verticals, organizations must be dedicated to building a robust third party risk management program in order to protect themselves from financial and reputational risk.

However, may organizations – regardless of their size – simply don’t know where to start. Depending on the size of the organization, there can be thousands of third party relationships to manage. With the heightened regulatory expectations on vendor risk and the increased role of the board to ensure oversight, it can be an overwhelming task to monitor all possible risks.

The Santa Fe Group’s team of advisors are the best in the industry, offering clients the opportunity to draw from the most advanced thinking, gain exclusive insight from technology and security experts, and access a deep knowledge bank of industry, regulatory and legislative issues. The Santa Fe Group advisors are hand-picked experts who can help you evaluate your current risk posture, identify your organization’s risk vulnerabilities, design solutions to help you build a successful third party risk management program, and help you navigate through this ever-changing world of risk.

Our approach includes:

  • Identifying current trends in third party risk.
  • Connecting key individuals in our wide third party risk community  to work collaboratively, share best practices, and provide solutions to current issues.
  • Developing your risk committee.
  • Educating your board on the critical issues of third party risk.
  • Providing in-house, one-day workshops on how to deploy and properly utilize the Shared Assessments Program Tools including the Standardized Information Gathering (SIG) questionnaire; the SIG Management Tool; the Shared Assessments Standardized Control Assessment procedures (SCA), a tool for standardized onsite assessments; and the Vendor Risk Management Maturity Model (VRMMM), a self-assessment tool used to determine the maturity of your own third party risk management program.

To get started, contact us today at

Share this