October 6, 2020, marked the release of the Q4 The Forrester Wave™: Third-Party Risk Management Platforms report. This report reviews the 11 most significant providers in the TPRM space using a 23-criterion evaluation. Showing how each provider measures up, this report helps risk and compliance professionals select the right platform for their needs. Notably, of the 11 providers selected, all but one organization are Shared Assessments members.
The report offers a brief overview of trends in TPRM, noting how little control organizations have over how third parties secure their technology and data. Yet the organization remains ultimately responsible for security incidents or regulatory missteps.
As such, the Forrester Wave™ report recommends that TPRM customers look for providers that leverage AI and machine learning to contextualize analysis. With AI/ML, TPRM platforms can “detect changes in global regulations and predict regulatory enforcement action, compare the risk of a specific third party to that of the entire ecosystem, and detect abnormal patterns in a third party’s activities that can signal fraud.”
The report suggests that TPRM customers find providers prioritizing interoperability and continuous monitoring. Interoperable TPRM platforms “automatically extract data that would have taken weeks or months to collect” while “integrations with third-party risk intelligence tools like cyber ratings, financial ratings, security information and event management tools, and regulatory and news feeds continuously monitor for changes in vendors’ status or risk level and trigger workflows…”
Finally, those in the market for TPRM solutions should seek a platform offering value-added services to extend internal expertise and resources. As TPRM teams struggle to keep pace with the number of third-party assessments, some vendors provide data collection, assessment validation and due diligence services. Some vendors even maintain a network of financial and/or legal professionals to help customers interpret new regulations and contextualize the impact on their organization.
To quantify the strength of each platform's offering, the report scores vendors from a sourcing/procurement, risk assessment, scoring and mitigation, continuous monitoring, interoperability, reporting and user interface perspective. The evaluation also looks at the organizations’ overall strategy, considering product vision, market approach and innovation, and customer engagement. The report reviews market presence, measuring revenue, number of customers and global presence.
The report reveals OneTrust, Galvanize, and Aravo as leaders. The report identifies ServiceNow, MetricStream, ProcessUnity, Coupa, and Prevalent as strong performers. Meanwhile, the report points to NAVEX Global as a contender and RSA as a challenger.
We are so proud to call these high-performing organizations members of Shared Assessments. While these organizations contribute indispensably to the collective intelligence in our community, the reach of the innovation within these risk management platforms is far wider, making the world a more secure place.
The full report can be accessed here.