Peer-Driven Insights

Third Party Risk Management (TPRM)

About this topic

Third Party Risk Management (TPRM) refers to the assessment and mitigation of risks associated with vendors and external partners. Effective TPRM protects organizations from external threats and ensures compliance.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?
How are U.S. CISOs Addressing Liability Risk?

Community Posts

Does the concept of Attack Surface Management vs. Attack Surface Analysis make sense to you?

Read More Comments

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

Read More Comments

For European companies with DORA requirements – DORA expects to have in place exit strategies for critical IT providers, and internal IT providers. How are you handling exit strategies for internal IT providers (especially when they're set up as separate legal entities within your group)? More importantly, has anyone actually conducted the required exit strategy tests for internal providers, and if so, how did you approach it?

When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

Read More Comments

My agency is looking for a system and operations center to prevent exfiltration of data. We have looked at Varonis and Blackfog. Any thoughts on these products or are there any suggestions of other products?

What are the main 10 features requested in a GRC platform?

Read More Comments

What tool did you adopt to support your third-party risk management practice? 

My vendor experienced a major breach — should I continue with them?

Read More Comments

Which Vendor Risk Ratings platform do you use? BitSight Security Scorecard Venminder Other/Comments?

What should be included in a high-level policy for third-party cybersecurity risks?

Read More Comments

“Risk needs to be quantified in monetary value.”

Strongly agree17%

Agree59%

Neutral18%

Disagree2%

Strongly disagree

Other (explain in the comments)

View Results

How do you foresee the data security and privacy landscape changing over the course of 2023?

Read More Comments

What can organizations do to mitigate risks from Windows 10 devices that can’t be upgraded to Windows 11, like industrial control systems (ICS)?

We are about to select Dow Jones RiskCenter Third Party API for screening of our business partners. Has anyone already experienced it? Any advice?

Read More Comments

What is the most important role of corporate culture in addressing the psychological impact of digital security?

Corporate culture has no influence on digital security.16%

Prioritizing digital security above other aspects in corporate culture.50%

Creating a work environment that supports mental well-being.17%

All of the above.16%

Your own perspective (Comment).1%

View Results

What is the top cybersecurity issue your organization is facing?

Data breaches due to remote work7%

Ransomware attacks51%

Lack of a corporate security plan23%

Missing security patches9%

Failure to inform employees of threats4%

Other (please specify)2%

View Results