ST0364
Risk-Based and Integrated Processes – How has the company’s third-party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes?
Plain-language summary
What it actually means.
Plain-language summary forthcoming. Source text below.
Source text
As written.
Risk-Based and Integrated Processes – How has the company’s third-party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes?
Assessed by HEXDI
What HEXDI assesses.
- M2
6 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers risks posed by interactions with third parties, to include suppliers, brokers, contractors,…
- M9
1 — THIRD PARTY MANAGEMENT
Program establishes a reasoned methodology for any decisions to outsource export/import compliance functions to a third party and requires…
- M9
2 — THIRD PARTY MANAGEMENT
Program has procedures that define the scope of any third-party roles in export/import compliance functions and the protocols for working…
- M9
3 — THIRD PARTY MANAGEMENT
Program has procedures that verify the effectiveness of any third party used in export/import compliance functions.
Related
Other DOJ standards.
- DOJ41 citations
ST1166
DoJ Evaluation of Corporate Compliance Programs
- DOJ25 citations
ST1160
DoJ Evaluation of Corporate Compliance Programs
- DOJ24 citations
ST1154
DoJ Evaluation of Corporate Compliance Programs
- DOJ22 citations
ST0028
Evaluation of Corporate Compliance Programs
- DOJ22 citations
ST0535
Evaluation of Corporate Compliance Programs
Source & revisions
- First mapped
- Jun 8, 2022
- Last updated
- May 26, 2026 (13m ago)
- Source
- Evaluation of Corporate Compliance Programs