Developments and Technology in TPRM

From the ways we teach, learn and work to the COVID-19 vaccine itself, we’ve been challenged to develop new modes of accomplishing our work this year. This change has demanded that trends in Risk Management accelerate. We’ve seen Virtual Assessments, Automation, Machine Learning, Predictive Analytics and Continuous Monitoring move to the forefront.

From solutions for risk professionals seeking efficiency to cyberattack modeling, Shared Assessments’ Innovation Leaders event highlighted the varied approaches our partners have developed for Risk Management in challenging times. The Gartner Magic Quadrant and the Forrester Report sang the praises of partner and member solutions for Third Party Risk Management in 2020. (65% of VRM tools in the Magic Quadrant are partnered with Shared Assessments. Ten out of 11 organizations identified in the Forrester Report as leading in the TPRM space are Shared Assessments members.)

We are thrilled with these reports covering exceptional TPRM solutions. But, we also want to learn what technologies and developments individual TPRM experts are most excited about. This blogpost features several developments compelling leaders in risk.

Many of the individuals we queried around TPRM technologies point to Continuous Monitoring as the most remarkable development:

“Real-time alerts for continuous monitoring I think can focus TPRM efforts on the right risks, vs. a traditional cadence of end to end Third Party Assessments.”

-Linnea Solem, Founder and CEO, Solem Risk Partners

“Continuous monitoring solutions above and beyond cyber security.”

 – Charlie Miller, Senior Advisor, Shared Assessments

Catherine Allen, Founder and Chairman of the Board, Santa Fe Group, sees the “use of AI and ML to do continuous monitoring” as being a significant development in TPRM technology.

Along the AI and ML lines, many individuals see data and predictive analytics as key:

“TPRM practitioners will mature in an ongoing partnership with solutions providers challenging ourselves to get to predictive intelligence that alerts to areas of supply chain weakness for proactive engagement to address the risk.”

-Phil Bennett, Manager, Information Security Governance, Metrics & Analytics at Navy Federal Credit Union

“Artificial Intelligence and Data classification in TPRM.”

-Alpa Inamdar, formerly with BNY Mellon Corporation

“Leveraging machine learning to improve existing end-to-end processes.  This is something I am seeing some vendors speak to and looking to see them make this happen.”

– Nasser Fattah, Executive Advisor at RiskLogix LLC

Finally, these perspectives point to the positive development of people and processes through technology in TPRM:

“I’m encouraged by the ever increasing improvements in capability of GRC (Governance, Risk and Compliance)…and now called IRM (Integrated Risk Management) solutions.  It is said that people and process are more important than technology…and I believe that.  However, sometimes technologies can be a positive change agent and accelerate the adoption of better and more consistent process.”

– Clayton Carpenter, SR. Analyst Compliance, Trane Technologies

“The ability to utilize cloud-based tools that not only give scoring based on reported incidents, but, many tools have now evolved and integrated a risk based approach to allow for even better vendor management based on the requirements of the TPR managers organization. Some tools are now able to ingest an organization’s policies, standards and procedures, which can lead to much greater maintained visibility into an organization’s vendor community.”

-Marcus Rose, Sr Analyst Cyber Risk Management, Trane Technologies