Scope and governance

Third Party Risk Management (TPRM) is the means by which Novartis manages risk when interacting with third parties, such as suppliers of goods and services.

Implemented globally across Novartis in 2019, TPRM allows us to better assess and effectively manage third-party risk exposure. In addition, it fosters collaboration with third parties that share and uphold our values and ethical principles.

TPRM enhances our capability to build and protect value for our stakeholders, including our patients, and advances the broader interests of society as a whole.

How does TPRM work

Risk areas covered by TPRM

TPRM scope and risk areas

Third parties in scope

  • Suppliers
  • Business development and licensing deals
  • Mergers and acquisitions

A further scope expansion is planned in 2021 (including contractor safety, responsible minerals and global security risk), as well as additional third-party types, such as distributors and wholesalers on the sales side.


Third Party Risk Management is a standing agenda topic at the quarterly Trust & Reputation Committee meeting, chaired by the Novartis CEO.

The TPRM Leadership team manages the TPRM organization, monitors business partnering and is responsible for strategic alignment with Risk Function experts and business representatives. The team is headed by the Global Head of Human Rights & TPRM, who reports to the Chief Ethics, Risk and Compliance Officer at Novartis.

TPRM governance

The Risk Functions define the risk policy for their specific areas and monitor delivery of the risk policy for third parties through TPRM. They also make decisions on risk assessment outcomes.

The Service Delivery Team, part of Novartis Business Services, performs third-party monitoring and coordinates audits on behalf of Novartis. It also facilitates the end-to-end process and acts as a process helpdesk.


We capture key TPRM metrics to help ensure robust operations, while continuously improving by leveraging technology and market capabilities.

TPRM dashboard preview

Download our 2020 dashboard (PDF 0.3 MB)


TPRM has a positive impact in protecting our company and building trust with society, helping us avoid potentially risky third-party engagements, while mitigating many risks with existing third parties.

In the first year of operations, we avoided or stopped collaborating with close to 100 third parties and mitigated risks with existing third parties.

Upholding ethical standards and protecting our reputation

  • Avoiding unethical suppliers uncovered through anti-bribery risk assessments

Protecting confidential clinical trials data

  • Ensuring that our patients' data is safe
  • Requiring our partners to upgrade information security and data privacy management

Impacting local communities positively

  • Requesting partners to change harmful labor rights practices such as holding employees' documents or money in escrow
  • Requesting partners to upgrade their practices to stop environmental damage

Impact: Real-life cases

TPRM case studies