All third party risk management articles
-
Premium
TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
-
Article
OCC deems ‘true lenders’ responsible for actions of third-party partners
The Office of the Comptroller of the Currency’s finalized “true lender” rule clarifies how banks are responsible for the compliance obligations and actions of their third-party lending partners.
-
Resource
e-Book: Mind the Gap — Where Third-Party Risk Management Programs Fall Short
This e-Book from Compliance Week and Aravo reveals the results of the “2020 TPRM Benchmarking Survey.”
-
Resource
White paper: Achieving Compliance with TPRM Regulatory and Framework Requirements
Measuring compliance against third-party risk management requirements is complex and time consuming; and with growing numbers of data breaches originating with third parties and all the regulatory activity that comes as a result, it never lets up.
-
Sponsored
The Cost of Third-Party Cybersecurity Risk Management
Survey of 600 IT security professionals finds organizations and third parties view their third-party cyber risk management (TPCRM) practices as important but ineffective today.
-
Article
Survey: Companies believe they've underinvested in TPRM
A new survey published by Deloitte highlights the latest trends—both opportunities and challenges—in companies’ journey toward a more mature extended enterprise risk management program, one in which third-party risk management is integrated across the firm and led from the top.
-
Article
Special report: Third-party risk management
As firms increasingly turn to external partners, the risks they acquire can become an internal problem.
-
Blog
Business justification for the use of third parties
Why is business justification for third parties so important? With the Department of Justice, Securities and Exchange Commission, and Internal Revenue Service all seeking such justification, companies should definitely make it part of the compliance process.
-
Article
Defense contractors must face third-party risk head-on with new cyber-security rules
New, potentially overlooked government-issued cyber-security demands for defense contractors extend into their network of suppliers as of Dec. 31.
-
Blog
LockPath and RiskRecon partner to increase TPRM visibility
LockPath has announced a new partnership with RiskRecon. Through this partnership, joint customers of LockPath and RiskRecon will be able to obtain a verifiable assessment of each third-party’s security practices.
-
Article
Recent data breaches impart third-party risk lessons
The data breaches at Yahoo, Equifax, and the SEC send a collective warning to organizations everywhere to improve their own third-party risk assessment.
-
Blog
Target and Walmart show that supply chain risk is everywhere
The bigger the company, the bigger the supply chain risk. Just ask Target and Walmart, which recently had to confront this issue head-on over fake Egyptian cotton bedsheets. More from Tom Fox.