Single Low-Code Platform with Built-in GRC, Quality and ECM
Xybion’s Cloud Platform for Digital Transformation of Third Party Risk Management
In today’s global, highly interdependent and complex regulatory environments, companies both large and small face a myriad of risks derived from various third party contractors, suppliers, distributors, and agents who perform tasks on their behalf. Noncompliance with various regulations and non-performance against Service Level Agreements (SLAs) expose the company to significant financial and business interruption risks.
Typical Risk Areas:
- Environment, Health & Safety
- Quality (GMP, GLP, GCP)
- Human Rights (Labor laws)
- Contractor Safety
- Animal Welfare
- Data Privacy
- Information Security
A global corporation undertakes 10,000+ third party regulatory audits and 20,000+ internal audits of vendors, their internal processes and facilities to remain compliant with various regulations. This creates a continuous management challenge to understand risk exposures, patterns, controls, and mitigation plans for risks. An Integrated Third Party Risk Management platform can make this process more efficient, reduce the costs of operations, and reduce the costs of noncompliance and business risks.
Key Components of the TPRM Platform:
- Target list and risk identification
- Risk Management Policy, plans and objectives
- Audit plan, execution and consolidated findings
- Corrective and Preventive Actions (CAPA)
- Information and communication
- Training and building a culture of risk avoidance
Xybion’s TPRM solution provides end-to-end management of activities, information, templates, data libraries, files, documents, reports, notifications, and KPIs, from initial requests, planning and scheduling, assessments, findings tracking, CAPA, and review/approvals to the full management of the documentation throughout the various multiyear lifecycles of risk evaluation and certification processes of the third parties. It is designed for multinational, multilingual and multi-stakeholder work environments.
- Manage all types of stakeholders and their contacts, organizations and locations, including granular role-based security for users of the system
- Track standards and their related assessment matrices (assessment checklists) with the assessment results
- Manage findings and action plan compliance
- Plan, schedule and manage activities incorporating assessor qualifications and calendar availabilities
- Request, manage and publish detailed evaluation results per the scope of their request
- Manage personal and group tasks and communications
- Consult and search dashboard data and produce business-critical reports
Target List and Risk Identification
This step entails the collection of the initial documentation from the third party in order to provide an adequate compliance profile and history of the organization as well as key evidentiary documents to determine potential risk sources. The sources of the risk will vary depending upon the risk type being evaluated.
- System Notification indicating Request received
- Status Reports of third party files
- Notifications of Initial Documentation Reviews resulting in a recommendation of rejection
- Automated solution to collect third party documentation (by risk type), including dashboard
The activity of planning and scheduling commences in parallel with the Application/Documentation Process (for the new third party) and identifies all critical activities required for the complete assessment/audit of the third party, including pre-assessments, desk assessments, third party self-assessments (or surveillance questionnaires) and onsite assessments.
- Automated solution with Activities Dashboard
- Auto-generated Assessment Plans from the activities data
- Intelligent Team Building by finding qualified resources
- Confirmation of availability of resources
- Confirmation of team and dates with other stakeholders (if onsite)
- Automated solution to collect Activity Team Membership, including intelligent member search
- Assembly and Release of the Assessment Matrices – Assessment Briefing: XDP automatically creates the assessment briefing, rolls up the findings and provides a checklist of objectives with ad-hoc objectives capability
- Self-assessments and third party documentation
- Opening meeting and onsite assessment
Third Party File, Ongoing Surveillance (Reassessments) and Documentation
Update each third party’s assessment plans with the and reassessments plans.