Conducting a TRM3™ Self-Assessment can help you determine which TRM3 maturity level best describes your organization’s travel risk management program and where you should focus your time and resources to move your program to the next level. This self-assessment will identify maturity of the organization based on a set of key process areas (KPAs) that are required to implement and support a successful program – in this case, a TRM program.

It should be noted that TRM3 is a model and not a process. The model describes the characteristics of an effective TRM program, while each KPA addresses the specific processes required to implement the program. The TRM3 can help guide efficient, effective improvement across multiple process disciplines within an organization.

This self-assessment will take approximately 45 minutes to complete. You do not have to complete it all at once and you can start with any category right after you have completed a set of demographic questions. It was also designed to be updated, giving you the flexibility to come back and update your answers and see how your program has moved along with new initiatives at your organization.

If you have any questions or technical difficulties, please contact GBTA for assistance.

TRM3 Key Performance Areas (KPAs):

  1. Policy & Procedures (26 Questions)
    Documented guidelines, rules and responsibilities of those operating under an organization that specifically addresses travel-related risks, safety and security.
  2. Education & Training (13 Questions)
    An organization’s most important approach and tool for preventing and mitigating risk for all organizational stakeholders (i.e. travelers, crisis response teams, risk management leadership).
  3. Risk Assessment (19 Questions)
    Evaluating the potential risks associated with activities, events, locations and processes.
  4. Risk Disclosure (13 Questions)
    Efficient distribution and provision of all relevant risk exposures to potentially impacted parties, and how an organization handles it.
  5. Risk Mitigation (19 Questions)
    How an organization effectively plans and manages processes to avoid or mitigate critical incidents or travel-related risks.
  6. Risk Monitoring (20 Questions)
    How an organization stays abreast and informed of relevant potential threats to travelers 24/7.
  7. Response & Recovery (18 Questions)
    How an organization provides resources and support in the event of a critical incident.
  8. Data Management (37 Questions)
    The methods by which an organization organizes, protects and uses sensitive data to keep it confidential and effectively useful in the process of TRM.
  9. Notification (17 Questions)
    The mechanism and method for how an organization informs applicable stakeholders and affected parties in the process of managing or mitigating risk.
  10. Program Communication (10 Questions)
    The methods and means by which an organization communicates the program to its stakeholders and travelers.

TRM3™ is a trademark of iJET International, Inc.

Prompts based on total average maturity level after self-assessment

Level 1

Level 1 is defined as “Reactive” or the default level. This reflects a program that does little to proactively manage travel risk, with staff simply reacting to events as they occur. There are no or few defined policies and procedures, risk monitoring, notification or response protocols.

Level 2

Level 2 is referred to as “Defined.” Here, organizations have defined and documented key safety and security protocols within their travel programs, with a particular focus on incident response. However, they are missing or inconsistently providing risk disclosure, mitigation and the other elements of a proactive program. There is a heavy reliance on manual processes, which are subject to human error.

Level 3

Level 3 is referred to as “Proactive” and means that organizations have incorporated some form of employee training, risk disclosure and notification processes as part of a formalized travel risk management program. Automated systems may have been introduced to support the program. Processes are not applied consistently across the organization. However, there is no effort to measure the effectiveness of the program.

Level 4

Level 4 is referred to as “Managed” and describes organizations that have adopted all Key Processes organization-wide, with appropriate systems in place to support the program across regions and business units. Processes are consistently applied and executed. Organizations are collecting basic metrics and actively managing risk data.

Level 5

Level 5 is referred to as “Optimized” – the highest level of program maturity. At this level, the travel risk program is integrated throughout the organization and is well understood by management and employees, with automated compliance monitoring. Metrics and lessons learned are collected and used to continuously improve the program.

Business Continuity Plan: A plan to continue operations in the event of a disaster or other emergency situations.
Data Retention Policy: The policies of persistent data and records management for meeting legal and business data archival requirements.
Notification process: Outlines what notifications the traveler, stakeholders and other interested parties receive relevant to a trip or incident.
Offline Itinerary Data: Reservations made outside your TMC and not automatically queued to 3rd party risk management systems.
Open Booking: Reservations made outside your TMC.
Risk Exposure: The probability of the enterprise, property, person, or activity facing a potential loss.
Risk treatment plan: How the organization will handle a specific incident or situation.
TMC: Travel Management Company.