Blog

Getting the Risk Data Right – TPRM’s Biggest Challenge

In third party risk, issues around data – data security and data privacy - often hold center court. In the wake of the recent onslaught of cyber attacks and data breaches, as well as the enhanced and new regulatory efforts to contain them, third party risk managers can often find themselves spending a lot of time talking about data.

But are they focusing on one aspect of the businesses’ data, at the expense of improving their own? Today, third party risk management (TPRM) executives are being asked to help shape their corporate data strategies, while their approach to their own risk data can be painfully out-of-date.

Two recent surveys show that while vendor risk issues may be a high priority for organizations’ finance teams, the way data is used within the risk management discipline falls considerably behind how other parts of the business may be using data to help deliver on the firm’s strategic goals.

Read More

Topics: third party risk management, Data Security & Privacy, cybersecurity, tprm, risk-scoring, cybersecurity regulation, cyber risk, third party governance, supplier risk, cyber resiliance, vendor risk, internal audit, regulation, data quality checks, vendor database, compliance data, data risk

Expert Interview: Tom Garrubba on Six Ways Collaboration Can Enhance Your TPRM Program

Collaboration is a term that makes people either cheer or wince. However, today collaboration is essential to be a successful third party risk manager – the discipline has moved well beyond administrative box-ticking. Now, a strong culture of collaboration can help create the right environment to foster TPRM program excellence, and drive real value for organizations.

Read More

Topics: risk and compliance, third party risk management, GDPR, board of directors, governance, tprm, third party risk, risk appetite, board accountability, third party governance, benchmarking, supplier risk, third party supplier, vendor risk, occ compliance, risk assessment, shared assessments, third party risk assessment, standardization programs, gdpr processor, third party risk regulators, regulatory frameworks, internal audit, third party compliance, third party vendor, FFIEC