This capability provides practical guidance and tools to help organisations assess the risk of third party suppliers and ensure appropriate levels of risk-based control. The framework includes a third party assurance risk scale comprising three elements: an example of risk factors and weightings that can help an organisation identify the drivers of the risk of their third party providers; a calculator that interprets those risk factors to group third parties by different risk levels; and an escalating control scale that can be deployed to manage the risk of third party providers at the different risk levels.

Click here to access the document.