Peer-Driven Insights

Third Party Risk Management (TPRM)

Active Ambassadors in This Topic

Chris Oehlerking

Chris Oehlerking

Honeywell

Manufacturing, 1k - 5k

United States
Vanshul Chawla

Vanshul Chawla

Nielsen

Software, 10k+

IN
Melinda Lemke

Melinda Lemke

King Spalding

Services (non-Government), 1k - 5k

United States
View All Community Ambassadors

Community Posts

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Read More Comments

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

Read More Comments

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

Will you continue to use Oracle now that it's being sued for violating users privacy?

Yes36%

Maybe44%

No15%

Unsure3%

View Results

What are the main hurdles you face when verifying a CSP’s compliance and security measures after an update? How are you addressing these issues so far?

Has anyone moved to a third party support for Hyperion (like Rimini Street)?  If so, what pitfalls should we look out for and would you recommend it if we are 2-3 years from moving to a new solution?

What are the main 10 features requested in a GRC platform?

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

What metrics are most useful for measuring 3rd party risk?

Read More Comments

How do you ask your third parties to notify you if they have had a cyber incident? Does your process work efficiently?

Read More Comments

What is the top cybersecurity issue your organization is facing?

Data breaches due to remote work6%

Ransomware attacks53%

Lack of a corporate security plan24%

Missing security patches8%

Failure to inform employees of threats4%

Other (please specify)2%

View Results

Are you using a partner ecosystem management platform?

Yes (share platform name in a comment if you can)82%

No17%

How are you assessing the security posture of third-party APIs the business relies on? What criteria do you use currently?

Read More Comments

When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

Read More Comments

What tool did you adopt to support your third-party risk management practice? 

What kind of roadblocks are you running into with SBOMs? Have you found ways to address those issues yet?