Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties (sometimes referred to as vendors, suppliers, partners, contractors, or service providers).
The discipline is designed to give organizations an understanding of the third parties they use, how they use them, and what safeguards their third parties have in place. The scope and requirements of a TPRM program are dependent on the organization and can vary widely depending on industry, regulatory guidance, and other factors. Still, many TPRM best practices are universal and applicable to every business or organization.
While exact definitions may vary, the term “third-party risk management” is sometimes used interchangeably with other common industry terms, such as vendor risk management (VRM), vendor management, supplier risk management, or supply chain risk management. However, TPRM is often thought of as the overarching discipline that encompasses all types of third parties and all types of risks.
While third-party risk isn’t a new concept, upticks in breaches across industries and a greater reliance on outsourcing have brought the discipline into the forefront like never before. Disruptive events, have impacted almost every business and their third parties – no matter the size, location, or industry. In addition, data breaches or cyber security incidents are common. In in 2021, the impact that third parties have on business resilience was highlighted through outages and other third-party incidents. Some of the ways you can be impacted are:
Most modern organizations rely on third parties to keep operations running smoothly. So, when your third parties, vendors, or suppliers can’t deliver, there can be devastating and long-lasting impacts.
For example, you may rely on a service provider such as Amazon Web Services (AWS) to host a website or cloud application. Should AWS go offline, your website or application also goes offline. An additional example could be the reliance on a third party to ship goods. If the shipping company’s drivers go on strike, that can delay expected delivery times and lead to customer cancellations and distrust, which will negatively impact your organization’s bottom line and reputation.
Outsourcing is a necessary component of running a modern business. It not only saves a business money, but it’s a simple way to take advantage of expertise that an organization might not have in house. The downside is that if a proper TPRM program is not in place, relying on third parties can leave your business vulnerable.
There are endless TPRM best practices that can help you build a better program, regardless of whether you’re just beginning to make TPRM a priority, or you want to understand where your existing program could be improved. We’ve outlined what we believe are the 3 most critical best practices that are applicable to nearly every company.
Not all vendors are equally important, which is why it is critical to determine which third parties matter most. To improve efficiency in your TPRM program, segment your vendors into criticality tiers.
Most companies segment vendors into three groups:
In practice, organizations will focus their time and resources on tier 1 vendors first, as they require more stringent due diligence and evidence collection. Typically, tier 1 vendors are subject to the most in-depth assessments, which often includes on-site assessment validation.
Many times, especially during initial evaluation, these tiers are calculated based on the inherent risk of the third party. Inherent risk scores are generated based on industry benchmarks or basic business context, such as whether or not you will be:
Additionally, impact of the vendor can be a determining factor. If a third party can’t deliver their service, how would that impact your operations? When there is significant disruption, the risk of the vendor will inevitably be higher. Determine this impact by considering:
Another way to tier vendors is by grouping based on contract value. Big-budget vendors may automatically be segmented as a tier 1 vendor due to the high risk based solely on the value of the contract.
Efficiencies emerge when operations are consistent and repeatable. There are a number of areas in the TPRM lifecycle where automation is ideal. These areas include, but are not limited to:
Every TPRM program is different, so start by looking internally at the repeatable processes that are ripe for automation. From there, start small and take practical steps to automate key tasks. Over time, these small automations will compound, saving your team valuable time, money, and resources.
When considering a third-party risk or vendor risk management program, many organizations immediately think about cybersecurity risks. But TPRM entails so much more. While starting small and focusing only on cybersecurity risks is a good first step, there are other types of risks that need to be prioritized. These risks include:
The key takeaway here is that understanding all relevant types of risk (and not just cybersecurity) is imperative to building a world-class TPRM program.
The third-party risk management lifecycle is a series of steps that outlines a typical relationship with a third party. TPRM is sometimes referred to as “third-party relationship management.” This term better articulates the ongoing nature of vendor engagements. Typically, the TPRM lifecycle, is broken down into several stages. These stages include:
There are many ways to identify the third parties your organization is currently working with, as well as ways to identify new third parties your organization wants to use.
To identify vendors already in use and build a vendor inventory, organizations take multiple approaches, which include:
To identify new third parties, organizations will often leverage a self-service portal as part of their third-party risk management program. With a self-service portal, business owners can build their inventory. Share the portal with your business by linking to it from your intranet or SharePoint. Self-service portals also help gather preliminary information about the third party, such as:
Using this information, you can classify third parties based on the inherent risk that they pose to your organization.
During the evaluation and selection phase, organizations consider RFPs and choose the vendor they want to use. This decision is made using a number of factors that are unique to the business and its specific needs.
Vendor risk assessments take time and are resource-intensive, which is why many organizations are using a third-party risk exchange to access pre-completed assessments. Other common methods include using spreadsheets or assessment automation software. Either way, the primary goal of understanding the risks associated with the vendor is the same.
Common standards used for assessing vendors include:
As well as industry-specific standards, such as:
After conducting an assessment, risks can be calculated, and mitigation can begin. Common risk mitigation workflows include the following stages:
Sometimes done in parallel with risk mitigation, the contracting and procurement stage is critical from a third-party risk perspective. Contracts often contain details that fall outside the realm of TPRM. Still, there are key provisions, clauses, and terms that TPRM teams should look out for when reviewing vendor contracts.
Some of these include:
Home in on these key terms to report on requirements in a structured format. Simply determine if key clauses are adequate, inadequate, or missing.
Building a strong TPRM program requires organizations to maintain compliance. This step is often overlooked. Maintaining detailed records in spreadsheets is nearly impossible at scale, which is why many organizations implement TPRM software. With auditable recordkeeping in place, it becomes much easier to report on critical aspects of your program to identify areas for improvement.
In practice, a sample reporting dashboard may include:
An assessment is a “moment-in-time” look into a vendor’s risks; however, engagements with third parties do not end there – or even after risk mitigation. Ongoing vendor monitoring throughout the life of a third-party relationship is critical, as is adapting when new issues arise.
For example, new regulations, negative news stories, high-profile data breaches, and evolving usage of a vendor, may all impact the risks associated with your third parties. Some key risk-changing events to monitor include:
A thorough offboarding procedure is critical, both for security purposes and recordkeeping requirements. Many organizations have developed an offboarding checklist for vendors, which can consist of both an assessment sent internally and externally to confirm that all appropriate measures were taken. Critical too is the ability to maintain detailed evidence trail of these activities to demonstrate compliance in the event of regulatory inquiry or audit.
There is no one-size-fits-all approach to third-party risk management. All companies are different, and as a result, there is no set-in-stone department that owns vendor risk responsibilities. Some mature organizations may have a third-party risk or vendor management team, but many organizations do not. As a result, common job titles and departments that “own” third-party risk include:
The list above is by no means comprehensive; however, the diverse variety of titles and departments can shed some light on the diverse approaches taken to third-party risk management.
Ultimately, these stakeholders and departments must work together to manage vendors throughout the third-party lifecycle. As such, TPRM often extends into many departments and across many different roles.
With third-party management software, your organization can develop and scale a successful TPRM management program that adds value to your bottom line. The return on investment (ROI) is significant when leveraging the automation opportunities that purpose-built software provides. The biggest benefits include:
“The OneTrust platform leverages expertise in Tech Risk & Compliance, specializing in Third-Party Management, Privacy Automation, Incident Management, and many other categories to deliver an immersive security and privacy management experience. Reduce your vendor, supplier, and third-party risks with OneTrust Third-Party Management software. The software enables you to run compliance checks and screen vendors. Additionally, our software empowers organizations to conduct vendor risk assessments and mitigate risks through highly customizable workflow automation. The OneTrust Third-Party Risk Exchange enables businesses to access risk analytics and control gap reports on vendors, and provides vendors with an opportunity to centralize their compliance details and promote them to thousands of OneTrust customers to easily share.”
Webinar
Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.
Webinar
Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.
Webinar
Register for this OneTrust webinar to learn about the relevant resilience focused requirements of DORA, NIS 2, and other global regulations.
Webinar
Register for this OneTrust webinar to learn about the relevant resilience focused requirements of DORA, NIS 2, and other global regulations.
Webinar
This DataGuidance webinar explores the latest and expected developments in the implementation of the NIS 2 Directive, focusing on practical compliance strategies to ensure your organization is prepared.
Webinar
This DataGuidance webinar explores the latest and expected developments in the implementation of the NIS 2 Directive, focusing on practical compliance strategies to ensure your organization is prepared.
Seminario web
Acompáñanos en esta sesión dónde repasaremos los principales requisitos de la normativa NIS2 y su impacto. Además, podrás asistir a una demostración práctica y conocer cómo OneTrust te ayuda a resolver los retos de gobernanza, gestión de riesgos y terceros, gestión de incidentes y cumplimiento asociados a la normativa.
Seminario web
Acompáñanos en esta sesión dónde repasaremos los principales requisitos de la normativa NIS2 y su impacto. Además, podrás asistir a una demostración práctica y conocer cómo OneTrust te ayuda a resolver los retos de gobernanza, gestión de riesgos y terceros, gestión de incidentes y cumplimiento asociados a la normativa.
Infographic
Infographic
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Webinar
Join for a live demo of new features from OneTrust’s Fall release and understand how OneTrust Third-Party Management can revolutionize your third-party risk management approach.
Report
As AI continues to offer unparalleled opportunities for business innovation, it also presents risks that organizations must tackle head-on through scalable governance programs that span multiple data sources. Six key trends are defining these challenges.
Webinar
In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.
Webinar
In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.
Blog
Join our OneTrust webinar on tackling IT security risks for banks in South Africa. Explore strategies for safeguarding sensitive data, ensuring POPIA compliance, and managing cyber threats. Gain actionable insights to strengthen your security posture and build customer trust.
Blog
Join our OneTrust webinar on tackling IT security risks for banks in South Africa. Explore strategies for safeguarding sensitive data, ensuring POPIA compliance, and managing cyber threats. Gain actionable insights to strengthen your security posture and build customer trust.
Webinar
Join our upcoming product release webinar to explore how these new capabilities can help your organization navigate complex frameworks, streamline third-party management, and accelerate AI and data innovation.
Webinar
Join our upcoming product release webinar to explore how these new capabilities can help your organization navigate complex frameworks, streamline third-party management, and accelerate AI and data innovation.
Webinar
Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.
Webinar
Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.
eBook
Streamline third-party relationships and avoid common mistakes in the process.
eBook
Streamline third-party relationships and avoid common mistakes in the process.
Checklist
Third-party management doesn’t have to be a complicated process for your business.
Checklist
Third-party management doesn’t have to be a complicated process for your business.
Infographic
Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.
Infographic
Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.
Infographic
Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.
Infographic
Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.
eBook
It’s imperative for security teams to implement a holistic approach to third-party management.
eBook
It’s imperative for security teams to implement a holistic approach to third-party management.
Blog
Overseeing business relationships isn’t just about controlling risk — companies must understand how to manage third parties holistically.
Blog
Overseeing business relationships isn’t just about controlling risk — companies must understand how to manage third parties holistically.
Webinar
Join our upcoming webinar to learn how to navigate the complexities of managing modern slavery, anti-bribery, and corruption within your third-party ecosystem.
Webinar
Join our upcoming webinar to learn how to navigate the complexities of managing modern slavery, anti-bribery, and corruption within your third-party ecosystem.
Webinar
Join us in a webinar where we will discuss PDPL, third-party risk, and compliance best practices. Learn how you can automate and simplify your third-party management program with OneTrust.
Webinar
Join us in a webinar where we will discuss PDPL, third-party risk, and compliance best practices. Learn how you can automate and simplify your third-party management program with OneTrust.
Webinar
Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.
Webinar
Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.
Webinar
Amidst South Africa's dynamic AI terrain and evolving data privacy regulations like POPIA, mastering third-party risk management is paramount. This session explores the balance between AI innovation and data protection.
Webinar
Amidst South Africa's dynamic AI terrain and evolving data privacy regulations like POPIA, mastering third-party risk management is paramount. This session explores the balance between AI innovation and data protection.
Blog
Learn how to empower your compliance program with a unified third-party management program.
Blog
Learn how to empower your compliance program with a unified third-party management program.
E-Book
Dieser Leitfaden zum Risikomanagement für Dritte gibt Ihnen einen Überblick über die Voraussetzungen für den Aufbau eines erfolgreichen Risikomanagementprogramms für Dritte.
E-Book
Dieser Leitfaden zum Risikomanagement für Dritte gibt Ihnen einen Überblick über die Voraussetzungen für den Aufbau eines erfolgreichen Risikomanagementprogramms für Dritte.
Webinar
Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.
Webinar
Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.
eBook
Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.
eBook
Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.
Blog
Explore DORA's goals, the new requirements, and how organizations can prepare now to meet the framework ahead of the January 2025 deadline.
Blog
Explore DORA's goals, the new requirements, and how organizations can prepare now to meet the framework ahead of the January 2025 deadline.
Blog
Analiza los objetivos de la DORA, los nuevos requisitos y cómo las organizaciones pueden prepararse en la actualidad para cumplir con el marco antes del plazo de enero de 2025.
Blog
Analiza los objetivos de la DORA, los nuevos requisitos y cómo las organizaciones pueden prepararse en la actualidad para cumplir con el marco antes del plazo de enero de 2025.
Webinar
As innovation teams race to integrate AI into their products and services, new challenges arise for development teams leveraging third-party models. Join the webinar to gain insights on how to navigate AI vendors while mitigating third-party risks.
Webinar
As innovation teams race to integrate AI into their products and services, new challenges arise for development teams leveraging third-party models. Join the webinar to gain insights on how to navigate AI vendors while mitigating third-party risks.
Blog
See our key insights and discover why robust risk management across third parties, fourth parties, and beyond is crucial.
Blog
See our key insights and discover why robust risk management across third parties, fourth parties, and beyond is crucial.
Webinar
The EU has adopted several new Cyber Laws that will impact many businesses and will come into force over the next few months (in October in the case of NISD2) and require actions now. Join the webinar to learn about the latest cyber developments.
Webinar
The EU has adopted several new Cyber Laws that will impact many businesses and will come into force over the next few months (in October in the case of NISD2) and require actions now. Join the webinar to learn about the latest cyber developments.
Webinar
Join this free demo session to learn the ins an outs of OneTrust’s Third-Party Management solution.
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Evento presencial
Pensamos que este é um ótimo momento para estarmos com vocês e, por isso, estamos muito felizes em anunciar a 1ª edição do OneTrust Day Portugal, um evento exclusivo para todo o país, onde vamos falar sobre os temas mais atuais e relevantes no mundo da Privacidade, Inteligência Artificial, Consentimento e Preferências e Gestão de Riscos de Terceiros.
Webinar
This webinar will show you how to develop strategies for assessing reputational risks as it relates to third parties and the impact of third-party relationships.
Webinar
This webinar will show you how to develop strategies for assessing reputational risks as it relates to third parties and the impact of third-party relationships.
Webinar
In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.
Webinar
In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.
Infographic
Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.
Blog
Read our article on the Digital Operational Resilience Act (DORA) and how organizations can effectively manage ICT risk and third-party risk to ensure compliance
Blog
Read our article on the Digital Operational Resilience Act (DORA) and how organizations can effectively manage ICT risk and third-party risk to ensure compliance
Infographic
Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.
Blog
Leggi il nostro articolo sul regolamento sulla resilienza operativa digitale (Digital Operational Resilience Act, DORA) e su come le aziende possono gestire efficacemente i rischi legati alle TIC e alle terze parti per garantire la conformità
Blog
Leggi il nostro articolo sul regolamento sulla resilienza operativa digitale (Digital Operational Resilience Act, DORA) e su come le aziende possono gestire efficacemente i rischi legati alle TIC e alle terze parti per garantire la conformità
Blog
Consulta nuestro artículo sobre el Reglamento sobre resiliencia operativa digital (DORA) y cómo las organizaciones pueden gestionar de forma eficaz el riesgo de las TIC y el riesgo de terceros con objeto de garantizar el cumplimiento normativo
Blog
Consulta nuestro artículo sobre el Reglamento sobre resiliencia operativa digital (DORA) y cómo las organizaciones pueden gestionar de forma eficaz el riesgo de las TIC y el riesgo de terceros con objeto de garantizar el cumplimiento normativo
Webinaire
Webinar : comment relever les défis de la gestion des risques tiers tels que : la complexité croissante des réseaux de fournisseurs, la conformité réglementaire changeante et la nécessité de gérer efficacement les relations avec les tiers pour atténuer les risques et maintenir la continuité des activités.
Webinaire
Webinar : comment relever les défis de la gestion des risques tiers tels que : la complexité croissante des réseaux de fournisseurs, la conformité réglementaire changeante et la nécessité de gérer efficacement les relations avec les tiers pour atténuer les risques et maintenir la continuité des activités.
Seminario web
Acompáñanos el próximo 24 de abril a esta sesión y descubre como OneTrust y Deloitte facilitan la adopción de DORA y sus estándares asociados en una sesión práctica donde veremos desde la Gestión de Riesgos y la Gestión de Incidentes, hasta el Registro de Información de la cadena de suministro.
Seminario web
Acompáñanos el próximo 24 de abril a esta sesión y descubre como OneTrust y Deloitte facilitan la adopción de DORA y sus estándares asociados en una sesión práctica donde veremos desde la Gestión de Riesgos y la Gestión de Incidentes, hasta el Registro de Información de la cadena de suministro.
Webinar
Join our webinar to learn how you can build an well-rounded Third-Party Risk Management Program that works for your organisation
Webinar
Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.
Webinar
Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.
Infographie
Quels sont les principaux défis auxquels les RSSI sont confrontés ? Téléchargez cette infographie pour connaître l'avis d'experts de tous les secteurs d'activité.
Infographie
Quels sont les principaux défis auxquels les RSSI sont confrontés ? Téléchargez cette infographie pour connaître l'avis d'experts de tous les secteurs d'activité.
Video
Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems.
Video
Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems.
Checklist
See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.
Checklist
See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.
Webinar
How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.
Webinar
How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.
Kundengeschichte
Multinationale Sportmarke erfindet das Lieferantenrisikomanagement neu – mit einem kollaborativen, unternehmensweiten Ansatz
Kundengeschichte
Multinationale Sportmarke erfindet das Lieferantenrisikomanagement neu – mit einem kollaborativen, unternehmensweiten Ansatz
Blog
Risques tiers liés à l'IA - Comment rester en contrôle ? Découvrez notre approche complète pour l'évaluation de vos fournisseurs
Blog
Risques tiers liés à l'IA - Comment rester en contrôle ? Découvrez notre approche complète pour l'évaluation de vos fournisseurs
Video
Watch this video for the five top trends shaping the third-party management industry this year.
Video
Watch this video for the five top trends shaping the third-party management industry this year.
Blog
Assessing third-party risk for AI vendors is critical to AI governance, but you don’t have to start your assessment process from scratch. Learn more about taking a holistic approach to vendor assessments for AI.
Blog
Assessing third-party risk for AI vendors is critical to AI governance, but you don’t have to start your assessment process from scratch. Learn more about taking a holistic approach to vendor assessments for AI.
Blog
Die Risikobewertung von KI-Anbietern ist ein wichtiger Bestandteil der KI-Governance, aber Sie müssen Ihren Bewertungsprozess nicht bei Null beginnen. Erfahren Sie mehr darüber, wie Sie einen ganzheitlichen Ansatz bei der Bewertung von KI-Anbietern verfolgen.
Blog
Die Risikobewertung von KI-Anbietern ist ein wichtiger Bestandteil der KI-Governance, aber Sie müssen Ihren Bewertungsprozess nicht bei Null beginnen. Erfahren Sie mehr darüber, wie Sie einen ganzheitlichen Ansatz bei der Bewertung von KI-Anbietern verfolgen.
Blog
Evaluar el riesgo de terceros de los proveedores de IA es fundamental para la gobernanza de la IA, pero no tienes por qué iniciar tu proceso de evaluación desde cero. Obtén más información sobre cómo adoptar un enfoque integral con respecto a las evaluaciones de proveedores para la IA.
Blog
Evaluar el riesgo de terceros de los proveedores de IA es fundamental para la gobernanza de la IA, pero no tienes por qué iniciar tu proceso de evaluación desde cero. Obtén más información sobre cómo adoptar un enfoque integral con respecto a las evaluaciones de proveedores para la IA.
Blog
La valutazione dei rischi da parte di terzi per quanto riguarda i vendor di intelligenza artificiale è di fondamentale importanza per la governance dell'IA, ma non è necessario iniziare questo processo da zero. Scopri di più su come adottare un approccio globale alle valutazioni dei vendor di intelligenza artificiale.
Blog
La valutazione dei rischi da parte di terzi per quanto riguarda i vendor di intelligenza artificiale è di fondamentale importanza per la governance dell'IA, ma non è necessario iniziare questo processo da zero. Scopri di più su come adottare un approccio globale alle valutazioni dei vendor di intelligenza artificiale.
Checklist
Managing third-party risk is a critical part of AI governance, but you don’t have to start from scratch. Use these questions to adapt your existing vendor assessments to be used for AI.
Checklist
Managing third-party risk is a critical part of AI governance, but you don’t have to start from scratch. Use these questions to adapt your existing vendor assessments to be used for AI.
Infographic
What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.
Infographic
What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.
Webinar
Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.
Webinar
Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.
Webinar
Attend this demo to see how our TPRM solution can help you identify and mitigate risk as well as automate manual and repetitive tasks to ultimately reduce the time you spend managing your vendors
Webinar
Insight into your third parties’ inherent risks can change the way you run your TPM program.
Webinar
Insight into your third parties’ inherent risks can change the way you run your TPM program.
Webinar
Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.
Webinar
Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.
Blog
What role do third parties play in your privacy compliance efforts? Learn how the two functions overlap and ways to keep data secure across your supply chain.
Blog
What role do third parties play in your privacy compliance efforts? Learn how the two functions overlap and ways to keep data secure across your supply chain.
Blog
Quel rôle les tiers jouent-ils dans votre conformité en matière de confidentialité ? Découvrez les connections entre les deux fonctions et comment garantir la sécurité des données dans votre chaîne d’approvisionnement.
Blog
Quel rôle les tiers jouent-ils dans votre conformité en matière de confidentialité ? Découvrez les connections entre les deux fonctions et comment garantir la sécurité des données dans votre chaîne d’approvisionnement.
Blog
¿Qué papel desempeñan los terceros en tus esfuerzos de cumplimiento normativo en materia de privacidad? Descubre cómo se solapan las dos funciones y cómo mantener los datos seguros a lo largo de toda tu cadena de suministros.
Blog
¿Qué papel desempeñan los terceros en tus esfuerzos de cumplimiento normativo en materia de privacidad? Descubre cómo se solapan las dos funciones y cómo mantener los datos seguros a lo largo de toda tu cadena de suministros.
Webinar
Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.
Webinar
Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.
Webinar
Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.
Webinar
Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.
eBook
Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.
eBook
Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.
Blog
Security teams can help create and champion organizational trust despite interdepartmental silos
Blog
As the technological landscape continues to evolve, teams are seeing increases in compliance obligations, regulations, and the proliferation of cloud technology.
Blog
Security teams can help create and champion organizational trust despite interdepartmental silos
Blog
As the technological landscape continues to evolve, teams are seeing increases in compliance obligations, regulations, and the proliferation of cloud technology.
Blog
The cybersecurity awareness hub pulls resources from our experts on the Security CoE, GRC, Privacy, DataGuidance, and TPRM teams to a central resource.
Blog
The cybersecurity awareness hub pulls resources from our experts on the Security CoE, GRC, Privacy, DataGuidance, and TPRM teams to a central resource.
Webinar
Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.
Webinar
Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.
Webinar
Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.
Webinar
Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.
Webinar
In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.
Webinar
In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.
Infographic
Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.
Infographic
Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.
Webinar
Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.
Webinar
Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.
Webinar
Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.
Webinar
Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.
Webinar
Dieses Webinar erläutert, wie Sie mit einem Third Party Risk Management-Programm datenschutzbezogene Risiken verringern, Compliance Records mit Leichtigkeit führen und die Zusammenarbeit von Geschäftseinheiten fördern können.
Webinar
Dieses Webinar erläutert, wie Sie mit einem Third Party Risk Management-Programm datenschutzbezogene Risiken verringern, Compliance Records mit Leichtigkeit führen und die Zusammenarbeit von Geschäftseinheiten fördern können.
Webinar
In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.
Webinar
In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.
Blog
Learn how to implement an effective third-party risk management program that meets your organization's needs.
Blog
How to start a third-party risk management program: Monitor and maintain performance
Blog
Create a TPRM program that addresses your organization’s highest security risks and aligns with strategic objectives
Blog
Learn how to implement an effective third-party risk management program that meets your organization's needs.
Blog
How to start a third-party risk management program: Monitor and maintain performance
Blog
Create a TPRM program that addresses your organization’s highest security risks and aligns with strategic objectives
Webinar
Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.
Webinar
Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.
Blog
Learn about the different types of third-party risks and how to address each one
Blog
Learn about the different types of third-party risks and how to address each one
Video
See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.
Video
See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.
Video
The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.
Video
The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.
Webinar
Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows.
Webinar
Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows.
Webinar
Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.
Webinar
Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.
Seminario web
Dominar el arte de la diligencia debida y la gestión de riesgos y cómo armonizarlos para maximizar su eficacia.
eBook
Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.
eBook
Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.
Blog
OneTrust customers can take advantage of HackNotice’s near real-time breach alerts.
Blog
OneTrust customers can take advantage of HackNotice’s near real-time breach alerts.
Blog
The recent decision cast fresh doubt over the effectiveness of transfer safeguards and supplementary measures in conjunction with the practical application of third-country surveillance laws.
Blog
The recent decision cast fresh doubt over the effectiveness of transfer safeguards and supplementary measures in conjunction with the practical application of third-country surveillance laws.
Webinar
In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.
Webinar
In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.
Webinar
Join us for a live demo of OneTrust's Third-Party Management capabilities and how our holistic approach helps you monitor and screen third parties across critial risk domains with up-to-date intelligence.
Webinar
In this webinar, see how OneTrust's Third-Party Management can help you build a more holistic program that actively monitors your third parties and lowers your risk exposure.
Blog
OneTrust anuncia nuevas innovaciones dentro de su plataforma de Trust Intelligence para ayudar a las empresas a utilizar los datos de forma responsable y desarrollar inteligencia de confianza a escala.
Webinar
In this webinar, you will learn how to reduce the use of spreadsheets for third-party risk management and cut costs when building your TPRM program.
Webinar
In this webinar, you will learn how to reduce the use of spreadsheets for third-party risk management and cut costs when building your TPRM program.
Webinar
Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.
Webinar
Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.
Blog
In-Person Event
Join this OneTrust live event series, which will address critical topics such as navigating data management, compliance automation and third-party risk.
In-Person Event
Join this OneTrust live event series, which will address critical topics such as navigating data management, compliance automation and third-party risk.
Infographic
The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.
Infographic
The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.
Webinar
Learn how to balance the intricacies of CPRA, VCDPA, CPA, CTDPA, and UCPA when managing third parties and understanding privacy-related risks.
Webinar
Learn how to balance the intricacies of CPRA, VCDPA, CPA, CTDPA, and UCPA when managing third parties and understanding privacy-related risks.
Blog
Businesses need a comprehensive third-party management strategy covering all aspects of their relationships with third parties, such as security, privacy, ethics, and ESG.
Blog
Businesses need a comprehensive third-party management strategy covering all aspects of their relationships with third parties, such as security, privacy, ethics, and ESG.
Blog
Sharing information and resources across organizational silos is mutually beneficial for teams with the common goal of mitigating data privacy risk.
Blog
Sharing information and resources across organizational silos is mutually beneficial for teams with the common goal of mitigating data privacy risk.
Blog
The partnership with Supply Wisdom brings compliance, financial, location-based ESG, and cyber risk data to Exchange customers and their third parties.
Blog
The partnership with Supply Wisdom brings compliance, financial, location-based ESG, and cyber risk data to Exchange customers and their third parties.
Webinar
Attend this webinar to learn about Third-Party Risk Management (TPRM) workflow definition and maintenance best practices you can apply to your business.NEED
Webinar
Attend this webinar to learn about Third-Party Risk Management (TPRM) workflow definition and maintenance best practices you can apply to your business.NEED
Webinar
In this webinar, you will learn how to utilize TPRM to help to optimize workflows, leverage data, and increase accountability across sourcing and procurement.
Webinar
In this webinar, you will learn how to utilize TPRM to help to optimize workflows, leverage data, and increase accountability across sourcing and procurement.
Webinar
Dieses Webinar thematisiert einen strukturierten und effektiven Umgang mit IT-/IS- Risikomanagement.
Webinar
Dieses Webinar thematisiert einen strukturierten und effektiven Umgang mit IT-/IS- Risikomanagement.
Blog
The Third-Party Risk Exchange allows businesses to learn more about each other's security posture, offer SIG Lite assessments on-demand, and more.
Blog
The Third-Party Risk Exchange allows businesses to learn more about each other's security posture, offer SIG Lite assessments on-demand, and more.
Webinar
Our third-party risk software helps you build a vendor inventory, conduct vendor assessments, mitigate risks, monitor vendors over time, and more.
Webinar
Our third-party risk software helps you build a vendor inventory, conduct vendor assessments, mitigate risks, monitor vendors over time, and more.
Blog
From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority for organizations.
Blog
From a new focus on ESG to a renewed need for cybersecurity, third-party and vendor risk management solutions have become a priority for organizations.
Seminario web
En la tercera sesión de la Academia RGPD hablaremos sobre los riesgos de proveedores (y empleados), crítico en los programas de privacidad.
Webinar
In this third-party lifecycle webinar, we’ll explore the contracting problem many organizations face when limiting risk exposure while automating processes.
Blog
A well-designed compliance program should apply risk-based due diligence and have a process for the full lifecycle of third-party risk management
Blog
A well-designed compliance program should apply risk-based due diligence and have a process for the full lifecycle of third-party risk management
Blog
Todo programa de cumplimiento normativo bien diseñado debe aplicar la diligencia debida basada en riesgos y disponer de un proceso para todo el ciclo de vida de gestión de riesgos de terceros.
Blog
Todo programa de cumplimiento normativo bien diseñado debe aplicar la diligencia debida basada en riesgos y disponer de un proceso para todo el ciclo de vida de gestión de riesgos de terceros.
Video
Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.
Video
Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.
Webinar
In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.
Webinar
In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.
Webinar
Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.
Blog
To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad.
Webinar
Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.
Blog
To help organizations take a holistic approach to the third-party contracting and risk management process, OneTrust has partnered with Ironclad.
Blog
CPOs track risk via data mapping, in which data is discovered, assessed, and tracked as it flows throughout the organization, including to third parties.
Blog
CPOs track risk via data mapping, in which data is discovered, assessed, and tracked as it flows throughout the organization, including to third parties.
Webinar
Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.
Webinar
Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.
Webinar
In this webinar session, we’ll outline how to take a data-driven approach to understand, reduce, and monitor cyber risks as it relates to your third parties.
Webinar
In this webinar session, we’ll outline how to take a data-driven approach to understand, reduce, and monitor cyber risks as it relates to your third parties.
Blog
We are partnering with RiskRecon, a Mastercard Company to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.
Blog
We are partnering with RiskRecon, a Mastercard Company to make cybersecurity ratings available out-of-the-box to all Third-Party Risk Exchange customers.
Webinar
This webinar focuses on the fundamental considerations when managing third parties and enables your organization to build a solid and scalable foundation.
Webinar
This webinar focuses on the fundamental considerations when managing third parties and enables your organization to build a solid and scalable foundation.
Blog
In 2021, there was a 62% global attack spike in ransomware (158% increase in North America), and an increased focus on attacks by regulatory bodies.
Blog
In 2021, there was a 62% global attack spike in ransomware (158% increase in North America), and an increased focus on attacks by regulatory bodies.
Webinar
In this webinar, we provide a live product demonstration to show you how your organization can optimize and scale a third-party risk program.
Webinar
In this webinar, we provide a live product demonstration to show you how your organization can optimize and scale a third-party risk program.
Webinar
This webinar will provide live product demonstrations to show you how your organization can optimize and scale a third-party risk program.
Webinar
Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.
Webinar
Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.
Webinar
We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.
Webinar
We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.
Blog
OneTrust simplifies third-party management by enabling control and visibility throughout the entire third-party lifecycle while you manage third parties.
Blog
OneTrust simplifies third-party management by enabling control and visibility throughout the entire third-party lifecycle while you manage third parties.
Blog
OneTrust simplifica la gestión de terceros al permitir el control y la visibilidad a lo largo de todo el ciclo de vida de los terceros mientras tú los administras.
Blog
OneTrust simplifica la gestión de terceros al permitir el control y la visibilidad a lo largo de todo el ciclo de vida de los terceros mientras tú los administras.
Webinar
Learn the top 7 red flags for risky third parties, mitigation tactics for reducing third-party risk, and key ways to streamline risk identification, and more.
Webinar
Learn the top 7 red flags for risky third parties, mitigation tactics for reducing third-party risk, and key ways to streamline risk identification, and more.
Webinar
In this webinar, we'll discuss third-party risk management's role in privacy compliance and cost-effective techniques for maintaining records for compliance.
Webinar
In this webinar, we'll discuss third-party risk management's role in privacy compliance and cost-effective techniques for maintaining records for compliance.
eBook
Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start
eBook
Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start
Webinar
Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.
Webinar
Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.
Blog
As more tasks are outsourced to third-party providers, risk management programs become critical to securing sensitive data
Blog
As more tasks are outsourced to third-party providers, risk management programs become critical to securing sensitive data
Webinar
In this webinar, we discuss best practices for how privacy and security teams can work better to eliminate redundant work, save time, and be more efficient.
Webinar
In this webinar, we discuss best practices for how privacy and security teams can work better to eliminate redundant work, save time, and be more efficient.
Webinar
Watch this webinar to hear how to leverage third-party risk management workflow creation and maintenance best practices.
Webinar
Watch this webinar to hear how to leverage third-party risk management workflow creation and maintenance best practices.
Webinar
In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.
Webinar
In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.
Webinar
In this webinar, we’ll review services providers under the ADPPA and outline how you can ready your third-party risk program to align with privacy regulations.
Webinar
In this webinar, we’ll review services providers under the ADPPA and outline how you can ready your third-party risk program to align with privacy regulations.
Checklist
Download our LkSG readiness checklist to understand your readiness for risk management systems and responsibilities, and due diligence obligations.
Checklist
Download our LkSG readiness checklist to understand your readiness for risk management systems and responsibilities, and due diligence obligations.
Infographic
In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.
Infographic
In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.
Webinar
In this webinar, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.
Webinar
In this webinar, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.
Blog
To become a trust-based business, protect your brand's reputation, and ensure compliance, you'll need to vet and monitor your third-party relationships.
Blog
To become a trust-based business, protect your brand's reputation, and ensure compliance, you'll need to vet and monitor your third-party relationships.
eBook
Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.
eBook
Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.
Webinar
Join our panel of experts as we discuss the German Supply Chain Due Dilligence Act and the best practices for compliance.
Webinar
Join our panel of experts as we discuss the German Supply Chain Due Dilligence Act and the best practices for compliance.
Blog
The information gathered from security questionnaires is critical in the evaluation of business and security practices, and is crucial for compliance.
Blog
The information gathered from security questionnaires is critical in the evaluation of business and security practices, and is crucial for compliance.
Webinar
This webinar will discuss best practices for how privacy and security teams can work together to eliminate redundant work, save time, and be more efficient.
Webinar
This webinar will discuss best practices for how privacy and security teams can work together to eliminate redundant work, save time, and be more efficient.
Webinar
Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform
Webinar
Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform
Webinar
In this webinar, we will provide you with the steps that you need to define a solid third-party risk management program
Webinar
In this webinar, we will provide you with the steps that you need to define a solid third-party risk management program
Blog
OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings.
Blog
OneTrust is expanding its partnership with SecurityScorecard to enable Third-Party Risk Exchange customers to view complementary Cybersecurity Ratings.
Report
See why Forrester named OneTrust a leader in The Forrester Wave: Third-Party Risk Management Platforms, Q2 2022 report.
Infographic
Download this infographic and learn how a central platform can integrate IT, security, and risk-management and streamline collaboration across your business.
Webinar
Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.
Webinar
Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.
Blog
A zero-day Java vulnerability, "Spring4Shell" surfaced and experts believe it could be as impactful as 2021's Log4j. Read to learn more.
Webinar
Discover effective strategies for preparing security questionaire responses with our free webinar.
Webinar
Discover effective strategies for preparing security questionaire responses with our free webinar.
Blog
A zero-day Java vulnerability, "Spring4Shell" surfaced and experts believe it could be as impactful as 2021's Log4j. Read to learn more.
Webinar
Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.
Webinar
Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.
eBook
Download our guide on third-party management and learn what you need to know to shift your buisness to TPM.
eBook
Download our guide on third-party management and learn what you need to know to shift your buisness to TPM.
Report
Download the 2022 Gartner Peer Insights Customers' Choice for IT VRM Tools to see why customers choose OneTrust Vendorpedia.
Blog
OneTrust has been named a Customers' Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer': IT Vendor Risk Management Tools.
Blog
OneTrust has been named a Customers' Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer': IT Vendor Risk Management Tools.
White Paper
Download this joint research report conducted by CyberRisk Alliance and Vendorpedia to understand today's third-party risk landscape.
White Paper
Download this joint research report conducted by CyberRisk Alliance and Vendorpedia to understand today's third-party risk landscape.
Blog
Introducing QRA cell detection – a powerful QRA enhancement that eases the spreadsheet-based questionnaire response process for vendors.
Blog
Introducing QRA cell detection – a powerful QRA enhancement that eases the spreadsheet-based questionnaire response process for vendors.
Blog
Third-party risk management is key to any business. Learn how to master the TPRM lifecycle across your organization in our newest video blog!
Blog
Third-party risk management is key to any business. Learn how to master the TPRM lifecycle across your organization in our newest video blog!
Blog
Make the business case for TPRM in your organization and get access to our TPRM buy-in guide to learn how! Read the blog to learn more.
Blog
Make the business case for TPRM in your organization and get access to our TPRM buy-in guide to learn how! Read the blog to learn more.
eBook
In this eBook, learn the business value of TPRM software and why all leading organizations rely on it when working with third-party vendors.
eBook
In this eBook, learn the business value of TPRM software and why all leading organizations rely on it when working with third-party vendors.
Webinar
Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.
Webinar
Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.
Webinar
Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.
Webinar
Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.
Blog
Third-Party Trust Management (TPTM) is the next evolution of third-party risk and is key enterprise trust strategy. Learn more in our blog!
Blog
Third-Party Trust Management (TPTM) is the next evolution of third-party risk and is key enterprise trust strategy. Learn more in our blog!
Webinar
Prepare for 2022 Trends in Third-Party Risk Management and future-proof your Third-Party Trust program.
Webinar
Prepare for 2022 Trends in Third-Party Risk Management and future-proof your Third-Party Trust program.
Webinar
This webinar will discuss how to create a Third-Party Risk Management (TPRM) program that prioritizes privacy compliance and simplifies record-keeping.
Webinar
This webinar will discuss how to create a Third-Party Risk Management (TPRM) program that prioritizes privacy compliance and simplifies record-keeping.
Blog
In 2021, TPRM and cybersecurity remained at the forefront of business strategy, so what's next? Learn about 2022 TPRM predictions in our blog!
Blog
In 2021, TPRM and cybersecurity remained at the forefront of business strategy, so what's next? Learn about 2022 TPRM predictions in our blog!
Blog
Learn about the impact of third-party service outages and how to stand up a TPRM-informed business resilience strategy in our latest blog.
Blog
Learn about the impact of third-party service outages and how to stand up a TPRM-informed business resilience strategy in our latest blog.
Blog
A new, critical vulnerability that impacts a popular open-source Java logging library, Apache Log4j 2 exists. Read more in our blog.
Blog
A new, critical vulnerability that impacts a popular open-source Java logging library, Apache Log4j 2 exists. Read more in our blog.
eBook
Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.
eBook
Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.
Blog
Learn how to manage risk in a time-friendly, cost-effective way with low effort for your vendors with our SIG 2022 shared assessments support.
Blog
Learn how to manage risk in a time-friendly, cost-effective way with low effort for your vendors with our SIG 2022 shared assessments support.
Blog
For the third consecutive year, OneTrust is a leader in the 2021 Gartner Magic QuadrantTM for IT Vendor Risk Management Tools.
Blog
For the third consecutive year, OneTrust is a leader in the 2021 Gartner Magic QuadrantTM for IT Vendor Risk Management Tools.
Blog
Implementing a consistent security questionnaire answering process will save your organization time and money. Read our guide to learn more.
Blog
Implementing a consistent security questionnaire answering process will save your organization time and money. Read our guide to learn more.
Report
Read why OneTrust once again received analyst recognition The Forrester Wave: Third-Party Risk Management Platforms, Q4 2020.
Webinar
Access this free webinar to learn how to be a trusted vendor.
Webinar
Access this free webinar to learn how to be a trusted vendor.
eBook
Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.
eBook
Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.
Blog
AutoZone Goes the Extra Mile and drives TPRM operations with OneTrust Third-Party Risk Management. Learn more from Auto Zone TPRM, Ryan Walker.
Blog
AutoZone Goes the Extra Mile and drives TPRM operations with OneTrust Third-Party Risk Management. Learn more from Auto Zone TPRM, Ryan Walker.
eBook
Download our guide to building an effective vendor risk management program and how risk exchanges are vital to your business.
Blog
Vendor risk management (VRM) is a form of risk management that focuses on identifying and reducing risks relating to vendors.
Blog
Vendor risk management (VRM) is a form of risk management that focuses on identifying and reducing risks relating to vendors.
Blog
La gestión de riesgos de terceros es un método de gestión de riesgos que se centra en identificar y reducir los riesgos que están relacionados con el uso de terceros.
Blog
La gestión de riesgos de terceros es un método de gestión de riesgos que se centra en identificar y reducir los riesgos que están relacionados con el uso de terceros.
Blog
La gestione dei rischi da parte di terzi (Third-party Risk Management, TPRM) è una forma di gestione dei rischi che si concentra sull'identificazione e la riduzione dei rischi relativi all'utilizzo di terze parti.
Blog
Shared Assessments will remain vendor neutral post-acquistion to grow the SIG third-party risk standard globally.
Blog
Shared Assessments will remain vendor neutral post-acquistion to grow the SIG third-party risk standard globally.
Video
Watch the demo of our Questionnaire Response Automation tool and learn how it helps vendors automatically answer any questionnaire.
Video
Watch the demo of our Questionnaire Response Automation tool and learn how it helps vendors automatically answer any questionnaire.
Blog
OneTrust launches Vendorpedia Questionnaire Response Automation to support organizations in automatically answering incoming questionnaires.
Blog
OneTrust launches Vendorpedia Questionnaire Response Automation to support organizations in automatically answering incoming questionnaires.
Blog
The CCPA is only days away from taking effect, and OneTrust has all the resources you need to be CCPA ready by January 1, 2020.
Blog
The CCPA is only days away from taking effect, and OneTrust has all the resources you need to be CCPA ready by January 1, 2020.
Blog
Companies can integrate their information across systems and data collection points to centralize their risk register and reporting efforts.
Blog
Companies can integrate their information across systems and data collection points to centralize their risk register and reporting efforts.
Blog
With the OneTrust Vendor Risk Management platform and data mapping, companies sustain an up-to-date data map and automate alerts and actions.
Blog
With the OneTrust Vendor Risk Management platform and data mapping, companies sustain an up-to-date data map and automate alerts and actions.
Blog
Scale your third-party risk program with pre-populated privacy and security profiles on over 6,000 third-party vendors in OneTrust's Vendorpedia.
Blog
Scale your third-party risk program with pre-populated privacy and security profiles on over 6,000 third-party vendors in OneTrust's Vendorpedia.
Blog
The FStech Awards selected OneTrust as Risk Management Software of the Year in 2018. Thank you to the FStech Awards for this incredible honor
Blog
The FStech Awards selected OneTrust as Risk Management Software of the Year in 2018. Thank you to the FStech Awards for this incredible honor
Blog
OneTrust joins the Cloud Security Alliance or CSA, a global leader in secure cloud computing, to simplify vendor risk management for GDPR compliance.
Blog
OneTrust joins the Cloud Security Alliance or CSA, a global leader in secure cloud computing, to simplify vendor risk management for GDPR compliance.
eBook
Learn how an exchange community of customers and vendors improves security and builds trust.
eBook
Learn how an exchange community of customers and vendors improves security and builds trust.
Request a free demo of OneTrust Third Party Management and get personalized best practice advice from a third-party risk expert.
Get the OneTrust and CSA vendor risk management tool and see how to automate the entire vendor management lifecycle.
Get the OneTrust and CSA vendor risk management tool and see how to automate the entire vendor management lifecycle.
Request a free demo of OneTrust Third Party Management and get personalized best practice advice from a third-party risk expert.
Webinar
Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.
Webinar
Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.
Customer Story
Learn how Rochester Regional Health creates a patient-centric privacy program with OneTrust third-party risk management solutions.
Customer Story
Learn how Rochester Regional Health creates a patient-centric privacy program with OneTrust third-party risk management solutions.
The integration between Atlassian JIRA and OneTrust offers a powerful solution for organizations that need to comply with privacy regulations and manage risk.
Cybersecurity
The integration between BitSight and OneTrust Third-Party Risk is a powerful tool that can help organizations to manage third-party risk and to protect their data.
File Storage & Sharing
OneTrust integrates with DocuSign to automatically send eSignature envelopes and request attestation of responses from customers and vendors.
Cybersecurity
By using Supply Wisdom and OneTrust together, organizations can get a comprehensive view of third-party risk and take proactive steps to mitigate it.
The integration between Atlassian JIRA and OneTrust offers a powerful solution for organizations that need to comply with privacy regulations and manage risk.
Cybersecurity
Integrating OneTrust and BlackKite helps organizations streamline third-party risk assessments while gaining more visibility over technical, financial, and compliance risks.
Compliance
Integrating OneTrust with Bureau van Dijk and RDC can help organizations to identify and assess risks, including financial, operational, and reputational risks.
AML & KYC
Together, Dow Jones and OneTrust offer a powerful solution for third-party risk management, enabling organizations to reduce critical vulnerabilities, improve compliance, and build trust.
Cybersecurity
The integration between BitSight and OneTrust Third-Party Risk is a powerful tool that can help organizations to manage third-party risk and to protect their data.
Cybersecurity
ISS Corporate Solutions provides cyber risk management solutions that help organizations understand their own cyber resilience and the security posture of their vendors.
File Storage & Sharing
OneTrust integrates with DocuSign to automatically send eSignature envelopes and request attestation of responses from customers and vendors.
AML & KYC
Dun & Bradstreet and OneTrust offer a powerful solution for third-party risk management by integrating data and insights to help organizations identify and monitor risks.
Identity Access Management & Identity Verification
SecurityScorecard and OneTrust integrate to provide a comprehensive view of third-party cybersecurity posture and automate risk mitigation.
Cybersecurity
RiskRecon integrates with OneTrust to provide organizations with cybersecurity scores and more, which can be pulled on a scheduled basis.
Cybersecurity
Stay up-to-date on the latest threat intelligence about your organizations third-party vendors by integrating OneTrust with Recorded Future.
Cybersecurity
UpGuard and OneTrust Third-Party Risk Management integrate so organizations have a comprehensive view of third-party risk to help prevent data breaches.
Analytics
Ingest OneTrust data into Tableau for customized dashboards and analytics to drive insight into the privacy program’s activity and create custom reports.
Cybersecurity
By using Supply Wisdom and OneTrust together, organizations can get a comprehensive view of third-party risk and take proactive steps to mitigate it.
Compliance
The integration with LexisNexis Risk Solutions and OneTrust can help complete consumer requests requirements under the CCPA and other state privacy laws.
Hazte con la herramienta de gestión de riesgos de terceros de OneTrust y de la CSA, y aprende a automatizar todo el ciclo de vida de la gestión de proveedores.
Avec l’outil OneTrust-CSA, découvrez comment automatiser l’ensemble du cycle de vie de la gestion de vos fournisseurs.
Demandez une démonstration gratuite de la solution OneTrust pour la gestion des tiers et obtenez des conseils personnalisés d’un expert sur les bonnes pratiques du secteur.
Solicita una demostración gratuita de OneTrust Third Party Management y recibe consejos personalizados sobre prácticas recomendadas de un experto.
Customer Story
Multinational sports brand reinvents vendor risk management with collaborative, organization-wide approach.
Customer Story
Multinational sports brand reinvents vendor risk management with collaborative, organization-wide approach.
Fordern Sie eine kostenfreie Demo des OneTrust Drittparteienrisikomanagements an und lassen Sie sich von einem Experten für Drittparteirisiken persönlich beraten.
Holen Sie sich das OneTrust-CSA Lieferantenrisikomanagement-Tool und erfahren Sie, wie Sie den gesamten Lebenszyklus des Lieferantenmanagements automatisieren.
Blog
Dieser Blog diskutiert, wie ein effektives Third Party Management etabliert werden kann, das Sicherheit für Datenschutz-, Sicherheits-, Ethik- und ESG-Teams schafft.
Solicite uma demonstração gratuita da ferramenta de Gestão de Riscos de Terceiros da OneTrust e obtenha o aconselhamento personalizado de um especialista sobre boas práticas nesse campo.
Obtenha a ferramenta de gerenciamento de riscos de fornecedores OneTrust-CSA e saiba como automatizar todo o ciclo de vida da gestão de fornecedores.
Richiedi una demo gratuita di Third Party Management di OneTrust e ricevi pratiche consigliate personalizzate da un esperto dei rischi da parte di terzi.
Ottieni lo strumento Gestione del rischio fornitore OneTrust e CSA e scopri come automatizzare l'intero ciclo di vita della gestione dei fornitori.
Richiedi una demo gratuita di Third Party Management di OneTrust e ricevi pratiche consigliate personalizzate da un esperto dei rischi da parte di terzi.
Ottieni lo strumento Gestione del rischio fornitore OneTrust e CSA e scopri come automatizzare l'intero ciclo di vita della gestione dei fornitori.
Fordern Sie eine kostenfreie Demo des OneTrust Drittparteienrisikomanagements an und lassen Sie sich von einem Experten für Drittparteirisiken persönlich beraten.
Holen Sie sich das OneTrust-CSA Lieferantenrisikomanagement-Tool und erfahren Sie, wie Sie den gesamten Lebenszyklus des Lieferantenmanagements automatisieren.
Blog
Dieser Blog diskutiert, wie ein effektives Third Party Management etabliert werden kann, das Sicherheit für Datenschutz-, Sicherheits-, Ethik- und ESG-Teams schafft.
Solicite uma demonstração gratuita da ferramenta de Gestão de Riscos de Terceiros da OneTrust e obtenha o aconselhamento personalizado de um especialista sobre boas práticas nesse campo.
Obtenha a ferramenta de gerenciamento de riscos de fornecedores OneTrust-CSA e saiba como automatizar todo o ciclo de vida da gestão de fornecedores.
Testimonio de cliente
La marca deportiva internacional reinventa la gestión de riesgos de terceros con un enfoque colaborativo en toda la organización.
Testimonio de cliente
La marca deportiva internacional reinventa la gestión de riesgos de terceros con un enfoque colaborativo en toda la organización.
Témoignage client
Une multinationale du sport réinvente la gestion des risques tiers avec une approche collaborative à l’échelle de l’organisation.
Storia del cliente
Una multinazionale dello sport reinventa la gestione dei rischi legati ai fornitori con un approccio collaborativo a livello di organizzazione
Storia del cliente
Una multinazionale dello sport reinventa la gestione dei rischi legati ai fornitori con un approccio collaborativo a livello di organizzazione
Témoignage client
Une multinationale du sport réinvente la gestion des risques tiers avec une approche collaborative à l’échelle de l’organisation.
Compliance
Valence Security and OneTrust have partnered to create a seamless integration between SSPM and TPRM, bridging the gap between risk managers and security analysts.
Compliance
Valence Security and OneTrust have partnered to create a seamless integration between SSPM and TPRM, bridging the gap between risk managers and security analysts.
Analytics
Ingest OneTrust data into Tableau for customized dashboards and analytics to drive insight into the privacy program’s activity and create custom reports.
Cybersecurity
UpGuard and OneTrust Third-Party Risk Management integrate so organizations have a comprehensive view of third-party risk to help prevent data breaches.
Compliance
The integration with LexisNexis Risk Solutions and OneTrust can help complete consumer requests requirements under the CCPA and other state privacy laws.
Cybersecurity
ISS Corporate Solutions provides cyber risk management solutions that help organizations understand their own cyber resilience and the security posture of their vendors.
Compliance
Integrating OneTrust with Bureau van Dijk and RDC can help organizations to identify and assess risks, including financial, operational, and reputational risks.
AML & KYC
Dun & Bradstreet and OneTrust offer a powerful solution for third-party risk management by integrating data and insights to help organizations identify and monitor risks.
AML & KYC
Together, Dow Jones and OneTrust offer a powerful solution for third-party risk management, enabling organizations to reduce critical vulnerabilities, improve compliance, and build trust.
Cybersecurity
Stay up-to-date on the latest threat intelligence about your organizations third-party vendors by integrating OneTrust with Recorded Future.
Cybersecurity
Integrating OneTrust and BlackKite helps organizations streamline third-party risk assessments while gaining more visibility over technical, financial, and compliance risks.
Cybersecurity
RiskRecon integrates with OneTrust to provide organizations with cybersecurity scores and more, which can be pulled on a scheduled basis.
Identity Access Management & Identity Verification
SecurityScorecard and OneTrust integrate to provide a comprehensive view of third-party cybersecurity posture and automate risk mitigation.
Customer Story
See how this Southern Veterinary Partners improved third-party risk management and enhanced its security and efficiency.
Customer Story
See how this Southern Veterinary Partners improved third-party risk management and enhanced its security and efficiency.
Customer Story
Learn how OneTrust helped Progress build a robust compliance deparment and fostered employee trust.
Customer Story
Learn how OneTrust helped Progress build a robust compliance deparment and fostered employee trust.
Solicita una demostración gratuita de OneTrust Third Party Management y recibe consejos personalizados sobre prácticas recomendadas de un experto.
Hazte con la herramienta de gestión de riesgos de terceros de OneTrust y de la CSA, y aprende a automatizar todo el ciclo de vida de la gestión de proveedores.
GRC e garanzia di sicurezza
Partecipa al nostro webinar il 24 ottobre alle 11:00 per approfondire i principali requisiti della Direttiva NIS2 e il suo impatto sul territorio italiano.
GRC e garanzia di sicurezza
Partecipa al nostro webinar il 24 ottobre alle 11:00 per approfondire i principali requisiti della Direttiva NIS2 e il suo impatto sul territorio italiano.
Webinar
Watch our webinar and gain insight on how to navigate InfoSec's evolving compliance landscape.
Webinar
Watch our webinar and gain insight on how to navigate InfoSec's evolving compliance landscape.