Extended

Third-Party Risk Management Policy

Description

Advanced policy for managing third-party, fourth-party, and supply chain cybersecurity risks through vendor classification, due diligence, continuous monitoring, and contractual controls. Includes 2025/2026 requirements for DORA ICT third-party risk, software supply chain security (SBOM/SLSA), AI/ML vendor assessment, and geopolitical risk management.

What's Included

  • Vendor risk classification matrix
  • Due diligence questionnaire templates (SIG Lite, Core, Full)
  • Vendor risk scorecard and rating methodology
  • Contract security addendum template
  • Fourth-party risk assessment guide
  • Continuous monitoring checklist
  • Vendor exit and transition playbook
  • AI/ML vendor assessment framework
  • SBOM and software supply chain checklist
  • In-app viewing with copy to clipboard
  • Export to Markdown, JSON, or Word Doc
  • Fully customizable for your organization
  • Instant access - no waiting
  • Lifetime access to your purchase
  • 26 pages of comprehensive content

Who This Is For

Target Audience

  • All organizations with vendors
  • Procurement teams
  • Security teams
  • Compliance officers
  • Legal teams

Instant Access & Export

View in-app • Copy to clipboard

Markdown • JSON • Word Doc

Version Info

Version 2.0 • Updated 12/31/2025

Price

$99.00

Bundle Discount Applied

✓ Instant Library Access

✓ Export to MD / JSON / Word

✓ Track Implementation Status

Third-Party Risk Management Policy | CyberPolicy.shop