Which organization is associated with the lifecycle framework for third party risk described as Planning, Due Diligence and Third Party Selection, Contract Negotiation, Ongoing Monitoring, and Termination?

In third-party risk management, the lifecycle approach emphasizes how a relationship moves from planning through to termination, with clear stages that ensure risk is identified, controlled, and managed at every step. The sequence of Planning, Due Diligence and Third-Party Selection, Contract Negotiation, Ongoing Monitoring, and Termination is the framework specifically associated with the Office of the Comptroller of the Currency. This organization requires banks under its supervision to follow a structured lifecycle so that vendor risks—security, privacy, operational resilience, compliance, and performance—are addressed from the outset and continuously reviewed. Planning sets the risk posture and governance, due diligence and selection evaluate capabilities and controls, contract negotiation formalizes requirements and protections, ongoing monitoring tracks performance and risk over time, and termination ensures an orderly disengagement and data return if needed. While other agencies oversee different parts of the financial system, this particular lifecycle framework is tied to OCC guidance and supervisory expectations.