Risk Management Blog and Articles

June 25, 2020

Quantifying Your TPRM Program: Business Impact and Vendor Scoring

A consistent scoring system for quantifying your TPRM program will improve decision-making, enhance visibility, and demonstrate the value of your strategy.
June 18, 2020

NERC CIP-013 Requirements and CIP-013-1 Implementaiton Guidance

As of October 1st, 2020 energy organizations will have to focus on addressing specific third-party cybersecurity risks. This blog looks at some key points of the standard and how TPRM technology can help complyi.
June 12, 2020

5 Common Mistakes When Building a Third-Party Risk Management Program

Here are five common mistakes to avoid along with our tips for building the TPRM program in a way that best serves your organization and the people who work within it.
June 4, 2020

Obtaining and Retaining Executive Buy-in To Your Third-Party Risk Management Program

Tone at the top is critical. Here are seven tips for obtaining and maintaining the support you need from the C-suite
May 28, 2020

Vendor Communication Best Practices for Successful TPRM

It’s hard to set expectations and discuss findings via email. Here's how to improve communication with third-parties for a successful TPRM program.
May 21, 2020

Why the OWASP Top 10 can be an ally to your organization

The OWASP Top 10 is a good starting point for detecting possible issues around third-party components. So how does it relate to TPRM?
May 15, 2020

A Buyer’s Guide to Third-Party Risk Management: Get Our Free eBook

We gathered the questions you might need to ask to find the right tool. Download our Buyer’s Guide to Third-Party Risk Management ebook for free!
May 7, 2020

Third-party risk assessments in Legal: SIG, SOC-2, ISO 27001 and other stories

With all the different types of certifications and risk assessments in Legal, what’s the definite proof that a third-party can be trusted?
April 30, 2020

How to think of your TPRM program from a governance perspective

Sometimes, risk accountability is shared among multiple areas or business owners. So how to build a central program to be deployed across the organization?