Skip to main content

On-demand webinar coming soon...

Blog

What is vendor risk management?

June 9, 2021

A graphic of a green gradient background.

What is vendor risk management?

Vendor risk management (VRM) is a risk management discipline that focuses on pinpointing and mitigating risks associated with vendors. VRM gives companies visibility into the vendors they work with, how they work with them, and which vendors have implemented sufficient security controls. 

As a discipline, VRM is rapidly evolving. Each day, companies experience new security, privacy, compliance, and business continuity challenges related to their vendors. With the work-from-home shift digital transformation is rapidly increasing reliance on vendors (mainly cloud providers) making VRM a permanent, board-level concern. Objectives of a vendor risk management program vary significantly based on company size, jurisdiction, applicable laws, industry, and more. That said, there are many VRM best practices that apply to every business. We will discuss these in greater detail throughout this article. 

What is the difference between a vendor, third party, supplier, and service provider?

When discussing vendor risk management, it’s important to note that many companies use different terminology when referring to vendors. In some cases, “vendor” is used interchangeably with third party, supplier, or service provider. However, in many cases, these terms carry subtle differences. 

For example, the term “supplier” is often used in connection with physical goods, while vendors and service providers are terms most often used by information technology (IT) teams. “Third party” is often viewed as the most overarching term and can encompass all of the previously mentioned terms. For many individuals, third-party risk management and vendor risk management are synonymous. 

Why is vendor risk management important?

Companies are increasingly outsourcing critical tasks to their vendors, which comes with both benefits and risks. While working with a third party can save you money and help you operate more efficiently, it also creates vulnerabilities. Recent events, such as the Covid-19 pandemic , SolarWinds cyberattack, the Colonial Pipeline attack, and other ransomware breaches have made vendor-related risks abundantly clear. These events have impacted millions of businesses and their third parties – regardless of industry, company size, or country. 

Below are a few hypothetical examples to illustrate why VRM is important. 

Let’s say your company relies on Google Cloud services to run its mobile application. If Google Cloud has an interruption, your customers may not be able to access your app. Another example could be a ride-hailing service, such as Uber, and their reliance on contracted drivers. If Uber’s drivers go on strike, that can cause major challenges and hurt the company’s bottom line. 

Still, outsourcing is a necessary component of running a modern business. It not only saves a business money, but it’s a simple way to take advantage of the expertise that an organization might not currently have in-house. The downside is that if a proper vendor risk management program is not in place, relying on third parties can leave your business vulnerable. 

An effective VRM program can reduce the impact of disruptive events and reduce a company’s overall risk exposure. However, VRM offers far more benefits than just reducing risks. For example, businesses that have implemented a vendor risk management program can evaluate and onboard new vendors more efficiently, getting the right tools into the right peoples’ hands – faster. Additionally, a vendor risk program can give organizations the ability to monitor their vendor relationships over time, identifying new risks as they arise, as well as measuring vendor performance. There are numerous other reasons why vendor risk management is important, including the ability to: 

  • Hold vendors accountable to contracts 
  • Reduce spend by identifying redundant third parties 
  • Comply with global regulations and industry requirements 
  • Understand how data flows and who has access 
  • Track security controls and manage risk mitigation efforts 
  • Offboard vendors and maintain records for compliance 
     

How do companies manage vendor risk? 

There is no one-size-fits-all approach to managing vendor risk. Every company is different. Still, there are common measures that every business with a strong VRM program must take. These measures include (but are not limited to): 

  1. Defining your risk appetite by developing a risk appetite statement 
  2. Managing risks down to the individual product or service offered by a vendor 
  3. Choosing your control framework and assessment standard 
  4. Identifying the risk types that are most important to your organization 
  5. Creating a vendor inventory and tracking critical attributes defined by your business 
  6. Classifying your vendors based on criticality 
  7. Conducting vendor risk assessments and mitigation 
  8. Tracking key terms in vendor contracts
  9. Reporting on important vendor-related metrics 
  10. Monitoring vendor risks and performance overtime 
     

How do you implement a vendor risk management program? 

Implementation of a VRM program is highly dependent on the size of your organization and scale of your vendor management program. With that said, many program implementations follow a common methodology.  

Step 1: Select software 

Understand your use case and software requirements

Step 2: Train your team 

Review key functionality and understand how the software can meet your goals. 

Step 3: Build your vendor inventory 

Import an existing vendor list (if you have one) and configure the attributes you’d like to track for each vendor. If you don’t have an existing vendor list, there are a few methods you can use to identify and onboard vendors, such as conducting vendor discovery assessments or leveraging a self-service portal for business users.  

Step 4: Classify your vendors 

With dozens, hundreds, or even thousands of vendors, it’s difficult to know which ones matter most. Many vendor risk teams solve this problem by classifying their vendors into different tiers. The most commonly applied tiers are: 

  • Tier 3 vendors: Low risk, low criticality 
  • Tier 2 vendors: Medium risk, medium criticality 
  • Tier 1 vendors: High risk, high criticality 

Step 5: Choose your assessment framework 

There are many assessment standards or frameworks to choose from. There is no “right” assessment that works for everyone. However, there is likely a “right” assessment framework that works for your company and industry. Common industry assessment standards, include: 

There are also standards for specific industries, including: 

We’ll explore these standards and frameworks in more detail later on. 

Step 6: Develop your assessment methodology

  • When developing your assessment processes, it’s important to consider the following questions: 
  • How do you know when a new vendor assessment is required? 
  • Who should have the ability to launch a vendor assessment? 
  • Who reviews the assessments? 
  • How much effort do you want to put into validating assessment answers? 
  • Which assessment questions generate risks? 
  • How are flagged risks aggregated and reported on? 
  • Are follow-up assessments needed based on initial assessment responses? 
  • How often do you need to reassess your vendors? 
  • Will you conduct assessments yourself, or would an assessment exchange work for you? 

When considering how you want to validate assessment answers, it is important to understand your options. For low-risk vendors, many companies will accept a vendor self-attestation (in which the vendor “attests” to the accuracy of their answers). For medium to high-risk vendors, companies will take a more intensive validation approach, such as an onsite audit. However, as digital transformation continues full speed ahead and work from home has become a part of day-to-day business, many organizations are opting for remote audits instead of going onsite. It’s important for your business to be prepared for both types of audits.  

Step 7: Define your risk methodology and control framework 

Every VRM program needs a way to calculate risks. Your risk methodology, along with your chosen control framework, must be defined internally by your organization. Many companies use a risk matrix with impact and probability as the axis. 

Alternative methodologies can be as simple as flagging risks as high, medium, or low.

Step 8: Create automation workflows & triggers 

As you outline different VRM workflows, consider where you can apply automation to save time. Many vendor management professionals add automation when: 

  • Adding and onboarding new vendors
  • Measuring inherent risk and tiering vendors. 
  • Assigning risk owners and delegating required mitigation actions. 
  • Triggering vendor performance or renewal reviews. 
  • Triggering yearly vendor reassessments. 
  • Sending notifications to key stakeholders. 
  • Scheduling, running and sharing reports. 

Every business has unique vendor risk management workflows. To streamline these workflows, focus on identifying the most repeatable processes and tasks. Then, begin configuring automation for these specific aspects of your workflows. As each smaller automation is added, efficiency will compound, and your team will reap the time-saving rewards.

Step 9: Build your reports & dashboards 

Every third-party risk professional has a wish list of reports and analytics they’d like to have access to. There’s no better time to make this data accessible than during a VRM program implementation.  

So, ask yourself, what are your current reporting requirements? What information would be helpful to display in a dashboard? 

The most straightforward metrics often tracked include: 

  • Total number of vendors 
  • Vendors by risk score or level 
  • Status on all vendor risk assessments 
  • Number of expiring or expired vendor contracts 
  • Risks grouped by level (high, medium, low) 
  • Risks by stage within the risk remediation workflow 
  • Risks to your parent organization and risks to your subsidiaries 
  • Risk history over time 

Step 10: Refine your program over time 

Vendor risk management is not a static discipline. New threats and requirements are constantly emerging, which is why it’s so important to take a step back from time to time to determine if your program is still hitting the mark. If not, why and what can you do about it? 

What is the vendor risk management lifecycle? 

The vendor risk management lifecycle is how a vendor relationship progresses over time. In some cases, VRM is actually referred to as “vendor relationship management,” which describes the ongoing engagements that businesses have with their vendors. The VRM lifecycle consists of the following stages: 

  • Vendor identification 
  • Evaluation & selection 
  • Risk assessment 
  • Risk mitigation 
  • Contracting and procurement 
  • Reporting and recordkeeping 
  • Ongoing monitoring 
  • Vendor offboarding 

 The vendor risk management lifecycle is sometimes referred to as the “third-party risk management lifecycle,” which we break down in much greater detail here.  

How do I conduct better vendor risk assessments? 

A vendor risk assessment, or third-party risk assessment, is a questionnaire that companies use to “assess” and vet their current and future vendors. 

The risk assessment process is designed to identify and evaluate the potential risks of working with a vendor. This is done by assessing a vendor’s security controls, values, goals, policies, procedures, and other contributing factors. In doing so, businesses are able to determine if the rewards outweigh the risks of working with the third party. 

Conducting thorough risk assessments is critical to the success of your vendor risk management program. So, what best practices can you put in place to improve your probability of risk assessment success? Below are 5 tips to help improve your assessment process. 

Tip 1: Determine which risks you care about 

Prior to assessing your vendors, it’s important to take a step back and think about which risks matter most to your organization. These risks can come in many forms and can include: 

  • Strategic Risk (how does the vendor’s strategy align with yours?) 
  • Cybersecurity Risk 
  • Financial Risk 
  • Compliance Risk 
  • Geographic Risk 
  • 4th-Party Risk 
  • Replacement Risk (how difficult is it to replace the vendor?) 
  • Operational Risk 
  • Privacy Risk 
  • Reputational Risk 
  • Business Continuity Risk 
  • Performance Risk 
  • Environmental Risk 
  • Concentration Risk (How reliant are you on an individual vendor?) 

The specific risks you decide to track will depend on your organization and your VRM program goals. Many companies do not track all of the risks listed above. Most will select the top 4-5 risk categories that matter most to their business. Measuring too many types of risks can become overwhelming. That said, the most mature VRM programs can get very granular with the types of risks they track, and in doing so, will have a greater understanding of their company’s overall risk exposure as it relates to third parties. 

 Tip 2: Assess your vendors’ products and services 

Most of the vendors you work with have a number of different products or services. Each of these individual products or services can have different security measures in place, making the risks they pose unique (even if it’s the same vendor). 

As a hypothetical, Salesforce CRM and Salesforce Pardot are two separate products sold by Salesforce. In this case, the vendor is Salesforce, however, the products (CRM vs. Pardot) each have their own separate compliance certifications and a different set of implemented security controls. 

What’s more, how you use one service may be totally different than how you use another. For example, you may use Amazon to order supplies for your business. In this case, Amazon could be considered a low-risk vendor. On the other hand, you may also rely on Amazon Web Services to host your cloud-based application, which would present a much greater risk. 

Tip 3: Automate your vendor assessment process 

Like any repeatable process, you can automate the actions involved in conducting assessments. Review internal procedures to identify areas in your assessment workflow that can be done automatically. Automation examples include auto-flagging risks, assigning risk owners, and triggering reassessments based on a newly identified risk or an expiring contract. 

Tip 4: Make responding to assessments easy for your vendors 

Getting a vendor to answer an assessment can be a painstaking process. Consider how you can make the process easier for your vendors. For example, enable them with free questionnaire response automation tools, or encourage them to participate in a risk exchange. 

Tip 5: Monitor vendors for reassessment 

Risks can change over time. So, what risk-inducing events might require a reassessment of a vendor? New risks often arise from the following events: 

  • Mergers, acquisitions, or divestitures 
  • Internal process modifications 
  • Negative news or unethical actions 
  • Natural disasters and other business continuity triggering events 
  • Product updates 
  • New regulations 
  • Employee reductions 
     

What are risk exchanges and how can they help me with my vendor risk assessments? 

A risk exchange (or Third-Party Risk Exchange) helps facilitate the “exchange” of vendor risk assessments, as well as other documentation and evidence. 

With an exchange, you can access a vendor’s pre-completed risk assessments. These assessments are typically based on an industry standard, such as NIST, ISO, or SIG Lite. 

A risk exchange can improve your VRM program by enabling you to get your vendor assessments done faster, as well as eliminating the time-consuming, assessment-related work that ties up your team and takes resources away from other strategic projects. 

For your vendors, risk exchanges save them significant time by enabling them to re-use their completed questionnaires over and over again. Through the exchange, they can share the same assessment with dozens of companies at the same time. 

Ultimately, risk exchanges enable you and your vendors to work together to collectively make the vendor risk assessment process better for everyone involved. 

What are the benefits of vendor risk management software? 

VRM software helps organizations build and automate their vendor risk management program. Ultimately, vendor risk software helps you onboard third parties, evaluate them, identify and mitigate their risks, monitor vendor changes over time, and offboard third parties when necessary – all while maintaining adequate records to demonstrate compliance. When leveraging VRM software, automation can provide a rapid return on investment (ROI). Additional benefits of vendor risk management software, include: 

  • Increased security 
  • Increased consumer trust 
  • Greater time and cost savings 
  • Reduced repetitive work 
  • Better vendor visibility 
  • Streamlined vendor evaluation and onboarding 
  • Faster risk assessments 
  • Improved reporting and analytics 
  • Simplified recordkeeping 
  • Reduced risks associated with vendors 
  • Improved vendor relationships and performance 
  • Less time spent in spreadsheets 
     

How can OneTrust help?

The OneTrust platform leverages expertise in GRC, specializing in Third-Party Risk Management, Privacy, Incident Management and many other categories to deliver an immersive security and privacy management experience. Reduce your vendor, supplier, and third-party risks with OneTrust Third-Party Management software and Third-Party Risk Exchange The software enables you to run compliance checks and screen vendors. Additionally, our software empowers organizations to conduct vendor risk assessments and mitigate risks through highly customizable workflow automation. The OneTrust Third-Party Risk Exchange enables businesses to access to risk analytics and control gap reports on vendors, and provides vendors with an opportunity to centralize their compliance details and promote them to thousands of OneTrust customers to easily share.  


You may also like

Webinar

Third-Party Risk

Virtual Lunch & Learn: A deep dive into OneTrust's Third Party Management capabilities

Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.

December 17, 2024

Learn more

Webinar

Third-Party Risk

Unpacking global regulatory frameworks to enhance third-party operational resilience

Register for this OneTrust webinar to learn about the relevant resilience focused requirements of DORA, NIS 2, and other global regulations.

December 11, 2024

Learn more

Webinar

Technology Risk & Compliance

Understanding the NIS 2 Directive: Compliance insights and best practices

This DataGuidance webinar explores the latest and expected developments in the implementation of the NIS 2 Directive, focusing on practical compliance strategies to ensure your organization is prepared.

December 04, 2024

Learn more

Infographic

Third-Party Risk

Rise above risk: Third-party management in technology

November 21, 2024

Learn more

Report

Privacy Automation

Defining a new direction for data

As AI continues to offer unparalleled opportunities for business innovation, it also presents risks that organizations must tackle head-on through scalable governance programs that span multiple data sources. Six key trends are defining these challenges.

November 13, 2024

Learn more

Webinar

Third-Party Risk

Bill S-211: Will you be ready by May 31?

In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.

November 07, 2024

Learn more

Blog

Third-Party Risk

Tackling IT security risks for banks in South Africa

Join our OneTrust webinar on tackling IT security risks for banks in South Africa. Explore strategies for safeguarding sensitive data, ensuring POPIA compliance, and managing cyber threats. Gain actionable insights to strengthen your security posture and build customer trust.

October 31, 2024

Learn more

Webinar

Privacy Automation

Build resiliency and operationalize compliance with OneTrust: Fall product release recap, 2024

Join our upcoming product release webinar to explore how these new capabilities can help your organization navigate complex frameworks, streamline third-party management, and accelerate AI and data innovation.

October 22, 2024

Learn more

Webinar

Third-Party Risk

Live Demo EMEA: Building a robust third-party risk management program with OneTrust

Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.

October 10, 2024

Learn more

eBook

Third-Party Risk

Simplifying vendor risk management

Streamline third-party relationships and avoid common mistakes in the process.

October 03, 2024

Learn more

Checklist

Third-Party Risk

Essential checklist for simplifying third-party risk management

Third-party management doesn’t have to be a complicated process for your business.

October 02, 2024

Learn more

Infographic

Third-Party Risk

Navigating risk in financial services with third-party management

Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.

October 01, 2024

Learn more

Infographic

Third-Party Risk

Manufacturing risk: Managing third parties in the supply chain

Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.

September 30, 2024

Learn more

eBook

Third-Party Risk

The complete guide to third-party management

It’s imperative for security teams to implement a holistic approach to third-party management.

September 27, 2024

Learn more

Webinar

Third-Party Risk

Strengthen your third-party ecosystem: Strategies to combat modern slavery, anti-bribery, and corruption

Join our upcoming webinar to learn how to navigate the complexities of managing modern slavery, anti-bribery, and corruption within your third-party ecosystem.

September 26, 2024

Learn more

Webinar

Third-Party Risk

PDPL and third-party risk

Join us in a webinar where we will discuss PDPL, third-party risk, and compliance best practices. Learn how you can automate and simplify your third-party management program with OneTrust.

September 19, 2024

Learn more

Webinar

Third-Party Risk

APAC - Third-party risk management and due diligence: What’s the difference and why does it matter?​

Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.

September 18, 2024

Learn more

Webinar

Third-Party Risk

Navigating the intersection: Third-party risk management in South Africa's evolving data landscape

Amidst South Africa's dynamic AI terrain and evolving data privacy regulations like POPIA, mastering third-party risk management is paramount. This session explores the balance between AI innovation and data protection.

September 18, 2024

Learn more

Webinar

Third-Party Risk

Third-Party operational risk: Shifting from reliance to resilience

Join this webinar to learn best practices for building a resilient third-party ecosystem and maintaining operational continuity in the face of unforeseen challenges.

August 15, 2024

Learn more

eBook

Third-Party Risk

Deploying third-party management to navigate risk across industries

Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.

August 06, 2024

Learn more

Webinar

Third-Party Risk

Third-Party AI: Procurement and risk management best practices

As innovation teams race to integrate AI into their products and services, new challenges arise for development teams leveraging third-party models. Join the webinar to gain insights on how to navigate AI vendors while mitigating third-party risks.

July 25, 2024

Learn more

Webinar

Privacy Management

New European cyber laws: What you need to know

The EU has adopted several new Cyber Laws that will impact many businesses and will come into force over the next few months (in October in the case of NISD2) and require actions now. Join the webinar to learn about the latest cyber developments.

July 23, 2024

Learn more

Webinar

Third-Party Risk

Protecting your reputation: 3 ways a unified third-party management program can help

This webinar will show you how to develop strategies for assessing reputational risks as it relates to third parties and the impact of third-party relationships.

June 12, 2024

Learn more

Webinar

Third-Party Risk

Third-Party risk management and due diligence: What's the difference and why does it matter?

In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.

May 08, 2024

Learn more

Infographic

Third-Party Risk

Streamline compliance with the Digital Operational Resilience Act (DORA)

Download our infographic to learn about the new DORA regulation, who needs to comply, and how OneTrust can help streamline the process.

April 29, 2024

Learn more

Webinar

Third-Party Risk

5 Best practices for increasing resilience when working with third parties webinar

Learn how to leverage financial, operations, compliance, ESG, and cyber scores to drive resilience insights and detect possible supply chain disruptions.

April 18, 2024

Learn more

Video

Third-Party Risk

OneTrust third-party management demo video

Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems. 

April 04, 2024

Learn more

Checklist

Third-Party Risk

6 steps to effective third-party risk management

See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.

March 29, 2024

Learn more

Webinar

Third-Party Risk

TPRM privacy compliance: 10 best practices when working with third parties

How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.

March 13, 2024

Learn more

Video

Third-Party Risk

6 must-know trends in third-party management

Watch this video for the five top trends shaping the third-party management industry this year.

February 15, 2024

Learn more

Checklist

AI Governance

Questions to add to existing vendor assessments for AI

Managing third-party risk is a critical part of AI governance, but you don’t have to start from scratch. Use these questions to adapt your existing vendor assessments to be used for AI.

January 31, 2024

Learn more

Infographic

Third-Party Risk

4 top-of-mind challenges for CISOs

What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.

January 30, 2024

Learn more

Webinar

Third-Party Risk

A look back at 2023 & third-party management trends for the new year

Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.

January 24, 2024

Learn more

Webinar

Third-Party Risk

Live demo EMEA: Master third-party risk management with OneTrust

Attend this demo to see how our TPRM solution can help you identify and mitigate risk as well as automate manual and repetitive tasks to ultimately reduce the time you spend managing your vendors

January 23, 2024

Learn more

Webinar

Third-Party Risk

Utilizing inherent risk for more efficient third-party management

Insight into your third parties’ inherent risks can change the way you run your TPM program.

November 30, 2023

Learn more

Webinar

Third-Party Risk

Elevating third-party safety: The art of TPRM and TPDD integration

Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.

November 21, 2023

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more

Webinar

Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.

October 25, 2023

Learn more

eBook

Third-Party Risk

Data privacy compliance and Third-Party Management: A unified approach

Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.

October 12, 2023

Learn more

Webinar

Third-Party Risk

Live Demo EMEA: How OneTrust can help advance your third-party risk management program

Join us for a live demo of OneTrust's third-party risk management solution and see how it can help automate and streamline your TPRM program.

September 19, 2023

Learn more

Webinar

Third-Party Risk

Where contracting fits in the third-party risk lifecycle: 5 opportunities for optimization

Join this webinar to learn how to manage the third-party risk lifecycle across teams while optimizing your processes with automation.

September 07, 2023

Learn more

Webinar

Third-Party Risk

Staying vigilant: 7 practical tips for ongoing third-party risk monitoring

In this webinar, we'll share seven practical tips for effective third-party risk monitoring, helping you to identify new risks and take timely action to protect your business.

August 01, 2023

Learn more

Infographic

Third-Party Risk

What are your third parties not telling you?

Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.

July 24, 2023

Learn more

Webinar

Third-Party Due Diligence

Driving excellence in third-party risk management: An in-depth look at different due diligence approaches

Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.

July 20, 2023

Learn more

Webinar

Third-Party Risk

Automating third-party management workflows: 5 ways to drive alignment across teams

Join us as we explore how automating third-party management workflows streamlines processes, drives alignment across teams, and reduces reduntant work.

July 19, 2023

Learn more

Webinar

Third-Party Due Diligence

A shortcut to third party due diligence fundamentals

In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.

July 13, 2023

Learn more

Webinar

Third-Party Risk

Are your third parties a privacy compliance liability? 5 tips to reduce your exposure

Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.

July 05, 2023

Learn more

Video

Third-Party Risk

Third-party management demo

See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.

June 27, 2023

Learn more

Video

GRC & Security Assurance

Third-party risk exchange demo

The OneTrust Vendor Risk Management provides businesses access to pre-completed vendor risk assessments while supporting industry standards.

June 22, 2023

Learn more

Webinar

Third-Party Risk

Third-party data breach incident response: Essential workflows for effective recovery

Join OneTrust and HackNotice as we discuss effective ways to protect your organization from third-party data breaches and build strong incident response workflows. 

June 13, 2023

Learn more

Webinar

Third-Party Risk

Bridging the gap: How procurement and InfoSec can work together to reduce third-party risks

Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.

June 08, 2023

Learn more

eBook

Third-Party Risk

InfoSec's guide to third-party risk management: Key considerations and best practices

Download our eBook to learn practical advice on how to approach third-party risk management like an InfoSec expert.

June 05, 2023

Learn more

Webinar

Third-Party Risk

Unpacking the third-party risk regulatory landscape in the Nordic region and beyond

In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.

May 30, 2023

Learn more

Webinar

Third-Party Risk

Save time, save money: A practical guide to automating third-party risk management

In this webinar, you will learn how to reduce the use of spreadsheets for third-party risk management and cut costs when building your TPRM program.

May 03, 2023

Learn more

Webinar

Third-Party Risk

Third-Party management secrets: Aligning risk management and due diligence

Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.

April 20, 2023

Learn more

In-Person Event

Third-Party Risk

Risk on the Road: Navigating data management, compliance automation and third-party risk

Join this OneTrust live event series, which will address critical topics such as navigating data management, compliance automation and third-party risk.

April 11, 2023

Learn more

Infographic

Third-Party Risk

Third-party risk: A growing spiderweb

The number of businesses and third-party suppliers has increased, widening the risk landscape. This infographic shows how businesses are managing that risk.

April 03, 2023

Learn more

Webinar

Privacy Management

The US privacy landscape for third-party risk: a program prototype time

Learn how to balance the intricacies of CPRA, VCDPA, CPA, CTDPA, and UCPA when managing third parties and understanding privacy-related risks.

March 28, 2023

Learn more

Webinar

Third-Party Risk

Efficient third-party risk management: 10 Best practices for streamlining workflows

Attend this webinar to learn about Third-Party Risk Management (TPRM) workflow definition and maintenance best practices you can apply to your business.NEED

February 13, 2023

Learn more

Webinar

Third-Party Risk

Third-Party Management roundtable: 3 strategies for aligning Security, Privacy, Ethics, and ESG teams

In this webinar, you will learn how to utilize TPRM to help to optimize workflows, leverage data, and increase accountability across sourcing and procurement.

February 01, 2023

Learn more

Webinar

Third-Party Risk

Third-party risk management demo

Our third-party risk software helps you build a vendor inventory, conduct vendor assessments, mitigate risks, monitor vendors over time, and more.

January 04, 2023

Learn more

Video

Third-Party Risk

OneTrust third-party risk management for privacy professionals

Watch the demo video to learn how OneTrust Third-Party Risk Management can help your TPRM program meet your privacy team's expectations.

December 07, 2022

Learn more

Webinar

Third-Party Risk

How do you manage your third-party cyber risks? 5 best practices to improve your cyber resilience webinar

In this session, we’ll outline how to identify, reduce, and monitor cyber risk as it relates to your third parties including methods for tracking cyber risks over time.

December 06, 2022

Learn more

Webinar

Third-Party Risk

Canada and ISO 27001:2022: How automation streamlines compliance

Join OneTrust for a demo on how our privacy management platform helps Canadian businesses streamline ISO 27001:2022 compliance.

November 30, 2022

Learn more

Webinar

GRC & Security Assurance

Analyzing ISO 27001:2022 reinforcing privacy and security compliance with automation webinar

Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.

November 17, 2022

Learn more

Webinar

Third-Party Risk

Do You Know Your third-party cyber risks? How to take a data-driven approach to reduce risk

In this webinar session, we’ll outline how to take a data-driven approach to understand, reduce, and monitor cyber risks as it relates to your third parties.

November 15, 2022

Learn more

Webinar

Third-Party Risk

TPRM program blueprint: Your 5 step guide to third-party risk management success

This webinar focuses on the fundamental considerations when managing third parties and enables your organization to build a solid and scalable foundation.

October 31, 2022

Learn more

Webinar

Third-Party Risk

How OneTrust can help scale your Third-Party Risk program

In this webinar, we provide a live product demonstration to show you how your organization can optimize and scale a third-party risk program.

October 18, 2022

Learn more

Webinar

Third-Party Risk

5 Ways to save time when assessing third parties for privacy and security risks webinar

Watch this webinar as OneTrust discusses how privacy and security teams can save time throughout the third-party risk assessment lifecycle.

October 11, 2022

Learn more

Webinar

Third-Party Risk

7 core metrics every third-party risk program must track (and how to track them)

We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.

September 28, 2022

Learn more

Webinar

Third-Party Risk

Do you know your riskiest third parties?  7 warning signs you shouldn’t ignore 

Learn the top 7 red flags for risky third parties, mitigation tactics for reducing third-party risk, and key ways to streamline risk identification, and more.

September 22, 2022

Learn more

Webinar

Third-Party Risk

3 Strategies for simplifying privacy compliance when working with third parties

In this webinar, we'll discuss third-party risk management's role in privacy compliance and cost-effective techniques for maintaining records for compliance.

September 18, 2022

Learn more

eBook

Technology Risk & Compliance

The art of the enterprise IT risk assessment

Ensure your enterprise IT risk assessment is a success with a top-down approach that gets executive buy-in from the start

September 16, 2022

Learn more

Webinar

GRC & Security Assurance

Supply Chain Due Diligence Best Practices: A Practical Implementation Guide to LkSG Webinar

Watch our LkSG webinar to understand the scope of LkSG, how your company will need to adjust, and the repercussions of noncompliance.

September 07, 2022

Learn more

Webinar

Third-Party Risk

Security & privacy C-Level panel: Best practices for building your TPRM program

In this webinar, we discuss best practices for how privacy and security teams can work better to eliminate redundant work, save time, and be more efficient.

August 30, 2022

Learn more

Webinar

Third-Party Risk

10 best practices for streamlining your third-party risk management workflows

Watch this webinar to hear how to leverage third-party risk management workflow creation and maintenance best practices.

August 30, 2022

Learn more

Webinar

Third-Party Risk

Cybersecurity panel: How well do you know the threats posed by your third parties?

In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.  

August 28, 2022

Learn more

Webinar

Third-Party Risk

Third-Party risk and the U.S. privacy landscape: the top 5 things you need to know

In this webinar, we’ll review services providers under the ADPPA and outline how you can ready your third-party risk program to align with privacy regulations.

July 31, 2022

Learn more

Checklist

Third-Party Risk

LkSG readiness checklist: Is your company prepared for the German supply chain due diligence act?

Download our LkSG readiness checklist to understand your readiness for risk management systems and responsibilities, and due diligence obligations.

July 26, 2022

Learn more

Infographic

GRC & Security Assurance

The state of IT & third-party risk infographic

In this infographic, you'll discover third-party risk and learn how to operationalize a "3A approach", including addressing evolving risk factors and timelines.

July 19, 2022

Learn more

Webinar

Third-Party Risk

Better by tomorrow: 7 third-party risk assessment best practices you can implement today

In this webinar, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.

July 15, 2022

Learn more

eBook

Third-Party Risk

Building your third-party risk management program

Understand what it takes to build a successful third-party risk management program through OneTrust's third-party risk management guide.

July 08, 2022

Learn more

Webinar

Third-Party Risk

How to comply: German supply chain Due Diligence act and Forthcoming EU rules

Join our panel of experts as we discuss the German Supply Chain Due Dilligence Act and the best practices for compliance.

June 15, 2022

Learn more

Webinar

Third-Party Risk

Third-Party risk best practices: How to align privacy & security teams for greater productivity

This webinar will discuss best practices for how privacy and security teams can work together to eliminate redundant work, save time, and be more efficient.

June 06, 2022

Learn more

Webinar

GRC & Security Assurance

Elevating your third party risk program with an integrated infosec platform

Join this webinar to learn how you can integrate your Third-Party Risk Management program within a broader IT Security platform

May 26, 2022

Learn more

Webinar

Third-Party Risk

Preparing your TPRM program: A 30-day implementation guide

In this webinar, we will provide you with the steps that you need to define a solid third-party risk management program

May 25, 2022

Learn more

Webinar

Third-Party Risk

Accelerating automation: How the pandemic forced third-party management to scale

Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.

April 26, 2022

Learn more

Webinar

Third-Party Risk

Secrets to Success: The winning game plan for security questionnaire response

Discover effective strategies for preparing security questionaire responses with our free webinar.

April 04, 2022

Learn more

Webinar

Third-Party Risk

Ready, set, launch your TPRM program: A 30-day implementation roadmap

Watch this webinar and learn how to launch an effective third-party risk managment program and practical methods to track success.

March 30, 2022

Learn more

eBook

Third-Party Risk

The shift to third-party management

Download our guide on third-party management and learn what you need to know to shift your buisness to TPM.

March 29, 2022

Learn more

White Paper

Third-Party Risk

Third-party risk: A turbulent outlook

Download this joint research report conducted by CyberRisk Alliance and Vendorpedia to understand today's third-party risk landscape.

March 02, 2022

Learn more

eBook

Third-Party Risk

The business value of third-party risk management software

In this eBook, learn the business value of TPRM software and why all leading organizations rely on it when working with third-party vendors.

February 03, 2022

Learn more

Webinar

Third-Party Risk

5 Ways to step-up your business resilience with better third-party management

Join this webinar to learn best practices on how your organization can step-up business resilience with better third-party risk management.

February 02, 2022

Learn more

Webinar

Third-Party Risk

Optimizing third-party risk: enhance automation with an integrated IT risk platform

Watch our free webinar to discover how to optimize your third-party risk program and reduce manual data management with automation.

February 02, 2022

Learn more

Webinar

Privacy Management

2022 Third-party trust predictions and preparations

Prepare for 2022 Trends in Third-Party Risk Management and future-proof your Third-Party Trust program.

January 04, 2022

Learn more

Webinar

Third-Party Risk

Are your third parties a privacy compliance liability? 5 Tips to reduce your exposure

This webinar will discuss how to create a Third-Party Risk Management (TPRM) program that prioritizes privacy compliance and simplifies record-keeping.

December 31, 2021

Learn more

eBook

GRC & Security Assurance

Vendor risk management for privacy professionals

Download the OneTrust Vendor Risk Management Handbook for an in-depth understanding of updated regulations, requirements and more.

November 17, 2021

Learn more

Webinar

Third-Party Risk

Are you a trusted vendor? 10 things every customer wants to know

Access this free webinar to learn how to be a trusted vendor.

July 22, 2021

Learn more

eBook

Third-Party Risk

Mastering the third-party risk management lifecycle

Download our third-party risk management eBook and get a complete roadmap to your TPRM lifecycle.

July 13, 2021

Learn more

Video

Third-Party Risk

Questionnaire Response Automation demo

Watch the demo of our Questionnaire Response Automation tool and learn how it helps vendors automatically answer any questionnaire.

April 08, 2021

Learn more

eBook

Third-Party Risk

The value of the Exchange Community for customers and vendors

Learn how an exchange community of customers and vendors improves security and builds trust.

Learn more

Webinar

Third-Party Risk

Third-party management academy

Join this webinar series, which will focus on the four foundational pillars of Third-Party Risk Management: Automation, Compliance, Reporting, and Collaboration.

Learn more

Webinar

Third-Party Risk

Building a strong security posture: managing compliance, risk and business engagement in a dynamic landscape

Watch our webinar and gain insight on how to navigate InfoSec's evolving compliance landscape.

Learn more