This project simulates a Third-Party Risk Management (TPRM) assessment conducted for a fintech company evaluating a new vendor. The project demonstrates the vendor risk management lifecycle including risk identification, due diligence, control analysis, and remediation planning.
The assessment evaluates CloudDocs Inc., a cloud-based document storage provider, which stores sensitive financial documentation and personally identifiable information (PII) for SentinelPay.
Company: SentinelPay
Industry: Financial Technology (Fintech)
Program: Third-Party Risk Management (TPRM)
SentinelPay uses third-party vendors to support business operations. Vendors that access sensitive data must undergo a formal risk assessment before onboarding.
Vendor: CloudDocs Inc.
Service: Cloud-based document storage and management platform
CloudDocs provides a platform for storing and managing digital documents. SentinelPay plans to use the service to store:
- Loan agreements
- Identity verification documents
- Financial records
Because these documents contain sensitive information, the vendor introduces potential risks related to security, privacy, and operational availability.
| Risk Category | Rating |
|---|---|
| Inherent Risk | High |
| Control Effectiveness | Moderate |
| Residual Risk | Medium |

| File | Description |
|---|---|
| README.md | Project overview |
| Risk Register.xlsx | Tracks identified risks and remediation status |
| Risk Remediation Plan.pdf | Remediation actions for identified risks |
| Risk Scoring Categories.xlsx | Defines vendor risk scoring factors |
| SOC2 Review.pdf | Analysis of the vendor’s SOC 2 report |
| Vendor Asessment Scenario.pdf | Description of the vendor assessment scenario |
| Vendor Due Diligence Checklist.pdf | Vendor onboarding due diligence checklist |
| Vendor Risk Assessment CloudDocs Inc.pdf | Full vendor risk assessment report |
| Vendor Risk Scoring.xlsx | Vendor risk scoring model |
| Vendor Security Questionnaire.pdf | Vendor security questionnaire |
- Vendor risk assessment
- SOC 2 control review
- Vendor risk scoring models
- Risk register management
- Vendor due diligence processes
- Risk remediation planning
- Microsoft Excel
- Google Docs
- Risk assessment methodologies