It’s the last month of the year, but we are not done with our platform improvements. After all, we are still working on ways to make your experience using our platform even better.

So, without further ado, let’s discuss this month’s improvements.

Key changes

Overdue assessments

• Due dates: Due dates are no longer automatically changed or extended when you leave an assessment open for a third party.

• Marking as overdue: Assessments can now be marked as overdue without closing them for the third party.

• Reminders: Choose whether to send a default one-time reminder to a third party once an assessment is overdue, send weekly reminders, or send no reminders at all.

Quality of life changes

• Assessment help: We’ve added an info button in the assessment portal that opens our support page, so that your third parties can more easily access it for more info and documentation.

• Residual risk: You can now fill in the “reasoning on residual risk” text box before starting the acceptance flow.

• Third-party form: Country field is now positioned at the top to improve field hierarchy and support integrations.

• Self-service SSO setup: Your admin can now set up and configure the SSO your organisation uses for logins via our guided self-service setup.

Be sure to contact us if you have any questions or suggestions. If you’re curious about what else is going on at 3rdRisk, you can follow us on LinkedIn.

Do you think we’re missing any key features? Then create a feature request here.

As promised, here is a follow-up on our previous teaser. In this update, we dive deeper into our new feature: Country Risk Profiles.

A few months ago, we introduced a feature that handles some of your vendor onboarding legwork. The Predictive Risk Profiles, aimed at analysing your suppliers, so that you have a solid basis as you begin working with a new vendor.

But the risks of working with other organisations go beyond how a supplier is organised or which controls they have in place. They are also shaped by the country in which that supplier operates.

What if your next opportunity lies in a new region, or you want to understand the country-level risks behind your vendors?

After all, country-wide risks such as geopolitical instability, extreme weather and weak labour protections can all influence the reliability and ethics of a business relationship. From a flood halting production for weeks to a region with a record of human rights violations, creating reputational and compliance exposure.

That’s where our Country Risk Profiles come in to help you.

It helps you see the bigger picture behind your suppliers. From geopolitics and law enforcement to labour practices and ESG controversies. Using AI, the feature gives you a snapshot of the contextual, regional, and national risks that really matter.

In short, here’s what you get:
✅ Real insights on the operating context for more informed decisionmaking
✅ Risk-based onboarding
✅ A handy ally for NIS2, CSDDD, and cross-border compliance

We built this to make life easier for all the procurement, risk, and compliance professionals assessing their off- and nearshore partners. Have you used it yet?

Want to know more about our Country Risk Profiles? Then visit our support page for more information.

A new month brings a new batch of platform improvements. Our team has been hard at work to make the platform even better, and we’re ready to share what we cooked up this month.

Here’s a look at our latest improvements 👇

Quality of life changes

• Assessment reports: You can now specify a conclusion and result when generating a draft report, allowing you to already access this information before finishing the report.

• Company logos: We now automatically fetch company logos of your third parties, based on the website URL you filled in. Making it easier to recognise which company is which. If no logo is found, the first letter of the third party’s name is used as a placeholder.

• Custom third-party types: You can now customise the third-party “type” field, so you can add the custom type that fits your specific workflow.

• Expiring document notifications: We’ve brought notifications for expiring documents to all modules! It does not matter where or how the document was uploaded; you will always be notified seven days in advance when a document is about to expire.

• Export risk profiles per domain: It’s now possible to export risk profiles per domain, making it easier for you to analyse your detailed data per risk domain. You can access this through the third-party catalogue.

Preview of what’s coming

Country Risk Profiles: Our brand new AI-powered country risk profiles are live, but we’ll share a more in-depth overview for this feature in a separate update, coming soon... 👀

Overdue Assessments: It’s almost there! We’re actively tweaking what happens when an assessment is “overdue” to give you, as the user, more autonomy. Expect more on this in our next platform update.

Be sure to contact us if you have any questions or suggestions. If you’re curious about what else is going on at 3rdRisk, you can follow us on LinkedIn.

A new month brings fresh updates to the 3rdRisk platform. We’re always working behind the scenes to make things better, and we’re excited to share what’s just gone live.

Here’s a look at our latest improvements 👇

SecurityScorecard Integration

We’ve added a new integration to the collection: SecurityScorecard. This integration automatically imports cybersecurity ratings and insights from SSC into your 3rdRisk environment, helping you monitor, assess, and respond to third-party cyber risks without switching between tools.

What you can do with this new integration

• Cyber scores: You can now directly see & access your cyber scores within the third-party catalogue and get an overview of the underlying factors.

• Notifications: Receive real-time notifications, for instance, when a rating changes below a certain threshold.

• Action plans: Create action plans that get automatically filled in by SSC data, allowing you to insert external ratings into your workflow.

• Automation: Want to dig deeper? You can now automate assessments to be sent based on SSC scoring.

Here’s a preview of how the SecurityScorecard integration looks on our platform.

Quality of life changes

• SCIM provisioning: You are now able to use SCIM provisioning for Okta and Microsoft Entra ID. Allowing for users and groups to be automatically created, updated, and deactivated.

• Bulk clarification: Need a vendor to clarify multiple or all answers on an assessment? You can now select multiple (or all) questions for additional clarification at once.

• File uploads: When accidentally uploading with embedded scripts/macros you will now get an error message with this link added:

  https://support.3rdrisk.com/en/article/cannot-upload-file-due-to-security-reasons allowing you to fix the issue.

• Deleted framework sections: Your deleted framework sections will now be hidden, and only active sections will be shown.

• Bulk matching LEI numbers: The platform can now automatically find and add LEI numbers when bulk importing DORA third parties.

• Risk appetite: Your residual risk is now compared to your risk appetite to show you whether it is actually in line with your desired appetite.

A new month means highlighting some of the latest improvements that are now available. We continually work on making our platform better, and are excited to discuss what is live.

So, let’s have a look at some of the changes we’ve made.

Key changes:

• Issues module

  • Custom issue types: We added the ability to customise the list of issue types.

  • Subtype field added: Along with the new customisation, you can now also create your own subtypes. Allowing you to align with your existing workflows.

• Ambition levels: You can now set your own “ambition levels” in your risk register. Thus allowing you to track whether your active measures help you be in line with your risk appetite and desired posture.

• Personalisation: We added the ability to upload your own profile picture, after all it is your profile, so it should feel that way.

• Document metadata: You can now reopen the metadata of an uploaded document to change the upload and expiry date of a document as well as type.

Quality of life changes:

• Third party

  • Website field for third parties: The website field is no longer required, so you won’t need to fill in a placeholder when you have no link for a third party.

  • Documents: You can now see the risks, issues, and action plans that a document is attached to in the cockpits, as well as in the documents tab. Giving you an overview of the documents related to a third party and its assessments.

  • Third-party review: You are now able to export all reviews of a third party to get an overview in one spreadsheet.

  • Third-party activities: You can see which third-party an assessment review belongs to, so you can more easily prioritise your review tasks.

• Longer questions on risk profiles: We increased the character limit for questions from 255 to 2000.

• Internal control filter: You are now able to filter for “subcontrol” and “main control” as an internal control user.

• Frameworks sections: Archived framework sections are now hidden.

We want to thank you all for your continued feedback and suggestions. Without you, the platform wouldn’t be what it is today. And as usual, if you have any questions, feel free to reach out. We’re always happy to help.

We are always working to improve the platform in big and small ways! Here’s a list of all the big and small updates we have rolled out in Q2:

Improvements

• Ask for additional clarification mid-review: For ecosystem assessments, you can now send out your questions for additional clarification without having reviewed every single question.

• Filter by domain-specific risk score: Filter your third parties for a specific risk score of a specific domain, for example “Low” on “Human rights”.

• Archive control self-assessments: You can now archive an assessment through the actions menu. You’ll be prompted for a reason and, once given, the assessment will be archived. The archive reason will then be visible in the assessment itself.

• Notes @-tagging: You can now tag your colleagues in notes by simply writing “@” and then selecting their name. Also: no need to lift your hands off the keyboard; you can also select the user with your arrow keys.

• Cockpit world map: We’ve brought our amazing world map from the dashboard to your third party cockpits! It will automatically zoom in on the location of your third party.

• View third party fields without edit rights: You can now view a third party’s fields (including custom fields) even if you do not have update/edit permissions. Simply open the actions menu and select “View” where you would normally see “Edit”.

• Issues: We now offer the ability to automatically generate an issue ID. This is perfect for organisations who do not have a custom issue ID format.

• Bulk reminders: We have a new (much-requested) bulk action to send out reminders! Select multiple ecosystem assessments, open the bulk actions menu, and click “Send reminders”.

AI

Some of our biggest work has been happening behind the scenes. In the coming months, one of the most prominent stories at 3rdRisk will be AI. We can’t wait to reveal more soon, so here’s a preview of what’s ahead:

• Predictive/Inherent Risk Profile: Using various high-quality data sources, our AI inherent risk profile will predict the risk a third party will pose to you. It does the research for you, highlighting various issues such as missing certificates and non-compliance incidents, all to provide you with the most complete picture of your third parties and the risk they pose to you.

• Country Risk Profile: The country a third party operates in, carries an inherent risk of its own. That’s why our AI country risk profile will provide you with all the information you need when working with third parties from across the globe. From cultural and reputational risks, to human rights and labor conditions: our AI provides you with all the information you need to venture into new territory.

• Contract reader: Tired of manually filling out contract information in the platform? Simply upload the contract, and our AI will fill out all the fields using the uploaded document!

• Improved Document Analyser: We’re working hard to bring our document analyser to more kinds of documents, and expand its feature set, such as through customisation of the standard question sets.

Administration

Lastly, we’ve worked on making your life as an administrator easier through various improvements to our configuration and management settings:

• Archive users: You can now archive users yourself! First, ensure you have the correct permissions to archive users. Then, simply go to “Users”, open the actions menu, and select “Archive”. Follow the given instructions and voila, you’ve successfully archived a user!

• Alphabetically sorted access domains: Access domains are now alphabetically sorted, so that you can find the correct domain even faster.

• Auto-update/lock roles: You can now lock (‘auto-update’) roles that match our standard specifications. This will ensure users always receive the latest features, with only the appropriate access rights, but without having to bother you about it.

We are always working to improve the platform in big and small ways! We have already informed you of some of our bigger updates:

• Filter Improvements: Multi-Select and New Filtering Options

• Organisation Model: Risk Profiles for Organisation Elements

• New TPRM Dashboard

Here’s a list of all the other improvements we have made in Q1:

General improvements

• Audit logs: Now show the most recent activity first.

• New document types: We have added Statement of Applicability for ISO27001.

Third party risk management

• Creation date in cockpit: You can now view the creation date of a third party in the cockpit.

• Search by DUNS number: You can now search your third parties by DUNS number.

  • Bulk imports now also check your new third parties for duplicates on the DUNS number.

• Sorting in third party catalogue: You can now sort on almost all columns, from the third party manager field to the amount of open issues.

• Sort on third party in assessments index: You can now sort your assessments by third party.

• New third party types: We have added Group and Government.

• Link questionnaire to framework: You can now link questionnaires to your frameworks. Go to your questionnaires library, open the actions menu, click “View questionnaire and assign reviewers”, then navigate to the new “Framework” tab.

Internal control

• Test period in the future: You can now send out self-assessments with a testing period set in the future.

• Status in control exports: A new column has been added to exports of controls containing the status of controls.

• Reporting period in assessment exports: When exporting self-assessments, we now include the reporting period in the generated Excel file.

• Increased character limit for test procedure: We have increased the character limit for test procedures to 5000. Write your heart out!

For administrators

• New combinations of TPRM permissions: You can now combine permissions for when third party owner with permissions for the whole catalogue. This allows you to, for example, only allow editing of third party records for which the user is the owner of the third party, while at the same time allowing them to view the full catalogue.

• Customisable industry/branch field: You can customize the set of options for the “Branch or industry” field for third parties under “Configuration” → “Third-party management”.

  • If you do not see this page as an administrator on the Manage plan and up, check your admin role’s permissions and enable “Third-party management settings”.

We're excited to introduce our completely redesigned TPRM Dashboard—a major upgrade that transforms how you view third-party risk in the platform! The new dashboard provides a crystal-clear, interactive overview, helping you focus on what truly matters—managing risk effectively, not hunting for information.

Click here to watch our new product update video, or continue reading below to learn more.

New Features

• World Map: Our new world map visualization displays all your third-party locations based on the country data you have provided.

  • Click to zoom in on densely populated areas or use plus/minus buttons for manual control

  • Move around the map by clicking and dragging

  • Select any country to instantly go to and filter the third-party catalog by that location

• Overview & Strategic Insights: View your ecosystem segmented by third-party types (vendors, suppliers, and other categories) and the amount of active contracts.

• Risk Exposure & Issues: Monitor risk exposure and issues linked to your third parties.

  • Third-Party Risk Segmentation: Visualize your ecosystem with concentric rings representing tiers.

    • Your organization at the center

    • Tier 1 (direct partners) in the first ring

    • Tier 2 and Tier 3 third parties in outer rings

    • Click any segment to access the filtered catalogue with those specific third parties

  • Open Issues Linked To Third Parties: Monitor open issues with categorization by criticality.

    • View issues categorised by criticality at a glance

    • One-click access to filter issues by the selected type

  • Monitoring Alerts Integrations: Direct access to critical monitoring information from our sanctions monitoring add-on and integrations like Business Radar.

    • Click to filter the catalog to find the third parties to which these alerts apply

  • Risks Linked To Third Parties: Comprehensive visualization of risks by domain, owner, and severity.

    

    • Quickly identify critical risk areas requiring immediate attention

    • Track risk distribution across your risk domains in your third-party ecosystem

• Operational Metrics: Track your actionable ecosystem items like your action plans and assessments.

  • Open Action Plans: Track open action plans by organizational location.

    • View a hierarchical breakdown by organisation elements in your organisation model

    • Separate counts for location-specific action plans and sub-element action plans

    • Immediate visibility of overdue action plans

  • Assessment Status: Monitor assessment progress with status categories.

    • This enables quick identification of bottlenecks in your assessment process

  • Median Completion Time: New metric showing assessment speed.

    • Track the median time from the moment your assessment is sent out to completion

• Performance & Trends: Identify trends, track performance, and find outliers.

  • Assessment Outcome: The results of all the assessments you’ve performed.

  • Issues Linked To Third-parties: A brand new graph of the amount of issues linked to your third parties per month.

  • Top 10 Highest and Lowest Performers: View your best and worst performing third parties according to the most recent assessment result.

Filters

• New Filters: Customize your dashboard view with new filtering options:

  • Framework

  • Third-party type

  • Date ranges

• Simply hover over a widget’s filter icon to view what filters apply to it, as well as whether any of them are currently active.

Learn More in our Help Center

We have refreshed our dashboard documentation with the launch of this new TPRM dashboard. If you want a deep dive into the new features, or have some unanswered questions, this new documentation is for you! You can find it using the Docs: Dashboard button at the top of the dashboard, or go there directly using this link:

https://support.3rdrisk.com/en/article/dashboard