Customizing Risk Tolerance

Updated by Calyssa Nowviskie





Risk tolerance determines the level of risk your organization is willing to accept when working with third parties. It affects the mapping of risk scores to labels like Low, Medium, High, and Extreme. By adjusting your risk tolerance, you control how risk labels are applied across your third-party management program.
Risk tolerance settings can be found under Settings > Risk model.

Risk Tolerance Levels

VISO TRUST offers three predefined risk tolerance levels, each tailored to different business needs and risk postures.

Minimal (Default)

Use if: Your organization has a very low tolerance for risk. High-assurance artifacts are required to get a vendor relationship to the lowest risk level.

This option is ideal for organizations that handle sensitive data or operate in highly regulated industries. It ensures that all vendors meet the strictest security and compliance requirements, minimizing potential risks. This setting expects that third parties conduct regular audits and continuous monitoring as part of their rigorous approach to security and compliance. Organizations choosing this option typically have a mature Third-Party Risk Management (TPRM) program with comprehensive policies and procedures in place.

Ideal for: Highly regulated industries and organizations with sensitive data.

Moderate

Use if: Your organization balances risk with operational efficiency.

Strong security controls are still maintained, but there is more flexibility in the level of assurance artifacts required to substantiate them. This option is suitable for organizations that need to be agile but still prioritize security. It allows for a pragmatic approach where risks are managed effectively without overly burdening the third-party risk management process. Organizations choosing this option typically perform periodic reviews and risk assessments to ensure ongoing compliance. This approach is well-suited for organizations with a dynamic TPRM program that emphasizes a balance between stringent controls and operational flexibility.

Ideal for: Mid-sized businesses or fast-growing organizations with evolving risk needs.

Significant

Use if: Your organization is willing to accept a higher level of risk in exchange for greater flexibility and speed in assessing third-party relationships.

The focus is on core security controls, which by default are substantiated by answering questions. This option is appropriate for organizations that operate in less regulated industries or have a higher risk appetite. It enables quicker third-party onboarding and integration, supporting fast-paced business environments. While there is an inherent acceptance of greater risk, organizations still perform regular assessments to manage and mitigate potential issues. This approach is generally adopted by organizations that prioritize business agility and rapid growth over strict compliance.

Ideal for: Startups and tech-forward businesses in less regulated industries.

How Risk Tolerance Affects Vendor Risk Labels

When you update your risk tolerance:

  • The thresholds that map risk scores to labels like Low, Medium, High, and Extreme are recalibrated
  • You’ll see an immediate preview of how the change will affect your existing vendor population
  • You can select specific relationships to explore how risk labels will shift under the new tolerance

Customize Your Labels

Every organization speaks about risk differently. With VISO TRUST, you can add custom labels to match the nomenclature used in your internal risk management program.

Whether you use terms like Critical, Acceptable, or Watchlist, your platform will reflect your organization’s language and processes.

🧪 Try It Out

Want to see how your vendor landscape changes with a new risk tolerance?

  • Preview your new thresholds and relationship distribution
  • Select an example relationship to see its new risk label
  • Adjust and fine-tune settings before committing
