What department typically owns the Third Party due diligence/assessment process?

Third Party Risk Management (TPRM)

Procurement14%

Operational Risk44%

Audit20%

Vendor Risk Management 10%

Cybersecurity9%

Legal2%

86 PARTICIPANTS

1.3k views

Content you might like

For European companies with DORA requirements – DORA expects to have in place exit strategies for critical IT providers, and internal IT providers. How are you handling exit strategies for internal IT providers (especially when they're set up as separate legal entities within your group)? More importantly, has anyone actually conducted the required exit strategy tests for internal providers, and if so, how did you approach it?

Were you impacted by the ransomware attack on Rackspace Hosted Exchange?

Yes54%

No44%

Unsure1%

View Results

Certificates of Insurance (COI): Collecting from Suppliers for Risk Mitigation • Does your company collect COIs annually from your suppliers? • What criteria do you use to determine from which suppliers to collect COIs annually? Are there industry benchmarks for this?

Read More Comments

How are you managing Section 232 derivative data collection besides Microsoft Excel? Any tools out there to help expedite the process?

What is the top cybersecurity issue your organization is facing?

Data breaches due to remote work8%

Ransomware attacks50%

Lack of a corporate security plan23%

Missing security patches9%

Failure to inform employees of threats4%

Other (please specify)2%

View Results