On Tuesday, October 20, I led an exploration of the real solutions for TPRM from Innovation Leaders in the Third Party Risk Management Space. In this session, innovation leaders (a select group from Shared Assessments’ community of members) presented solutions for TPRM, addressing specific challenges within the risk management process. This blog post covers the highlights of each platform, giving an overview of the key functions and how they benefit risk programs.
PRIVVA described how automation helps TPRM Professionals reclaim their time. Prevalent offered insight into integrating SIG Questionnaires. RedSpy365, a new Shared Assessments member, described how to manage cyber risk with advanced threat modeling. Finally, OneTrust spoke to streamlining vendor risk assessments.
PRIVVA’s cloud-based platform helps TPRM professionals develop efficiencies in their work. Acting as a lens that affords an automated, overall view of a vendor’s risk profile, PRIVVA scores risk for each control level within 10 frameworks, along with issue detection alerts. Other features include complimentary language translation for seamless global partnerships. PRIVVA also gives vendors an efficiency boost by automatically saving the historical data a vendor has input, for use in future questionnaires. PRIVVA’s responsiveness to clients is impressive, seen clearly in their addition of a Diversity and Inclusion Assessment, an agile answer to clients’ pressing needs.
Prevalent identified outdated risk data as the greatest challenge in TPRM, causing complexity and frustration. To relieve this complexity, Prevalent presents a three-fold approach. First, Prevalent delivers the Third-Party Risk Software, a SaaS platform for unified assessment and monitoring. Second, Prevalent gives access to libraries of comprehensive vendor intelligence profiles. Finally, Prevalent provides the people needed for vendor risk assessment services: a team of risk professionals to advance risk programs at every step of the TPRM lifecycle (all the way through to risk remediation!).
Prevalent focused on their Third-Party Risk Software – built to eliminate the inefficiencies in manual collection, maintenance and analysis of risk status. Prevalent simplifies compliance and risk reduction with an automated Third-Party Risk Management platform which includes a library of 50+ standardized assessments, content customization capabilities, and built-in workflow. This solution automates everything from survey collection and analysis to vendor risk rating and reporting.
RedSpy365 is a penetration testing and attack modeling platform invented by a former Navy Communications Analyst. RedSpy365 is an answer to the shortage of 4 million cybersecurity professionals. By continuously analyzing an organization’s risk surface from a hacker’s perspective, RedSpy365 provides a proactive, reactive and compliance solution for cyber security. As RedSpy365 uncovers security flaws, its platform allows a user to understand the impact of the risk and to eliminate the root cause of that risk. RedSpy365’s solution includes:
- Testing Overview
- Overall Assessment Results
- Internal/External Findings
- Threat Risk/Threat Surface Summary
- Vulnerability Classifications
- Recommendations for Remediation
This powerful technology makes the critical connection between an attack, the critical business processes it affects, and the economic impact.
OneTrust introduced Vendorpedia, a Cyber Risk Exchange and TPRM software. The Cyber Risk Exchange is a centralized inventory designed for swift due diligence and risk analysis. The exchange brings together proactive research with vendor contributions to present risk information (assessment details, certifications, connected vendors) on 70,000+ vendors. Vendorpedia has a Vendor Chasing Service where a user can ask for an assessment and assessment validation from the OneTrust assessment collection team. As a solution for Assessments & Due Diligence, Vendorpedia streamlines vendor evaluation and risk mitigation with out-of-the-box assessment templates and workflow automation, including Issue Tracking and Risk Mitigation Workflows.
We wrapped up this session with an open question forum featuring Subject Matter Experts from the Shared Assessments team.
In summary, I believe what we’re seeing is a play on the old cliché “Too Many Cooks in the Kitchen” but reversed; the more cooks we have, the greater the coverage and capability the solutions provider can offer to protect the public’s information. Bring on the competition and the innovation and let’s do more to build solutions for TPRM.