
Search Results

530 results found with an empty search

Events (2)


Blog Posts (48)

  • Stop Chasing, Start Tracking: Automating Evidence & Audit Artifact Collection

    If you’re still relying on spreadsheets, shared drives, or email threads to collect due diligence evidence from third parties, you're not alone. But you’re also probably:

    - Spending too much time sending reminders
    - Missing key artifacts come audit season
    - Duplicating efforts across assessments
    - Struggling to prove historical compliance

    This is a ripe area for automation, one that can immediately ease TPRM fatigue and strengthen audit readiness.

    The Evidence Burden is Real

    In today’s TPRM environment, third parties are expected to provide dozens of artifacts, often across multiple frameworks or request types:

    - SOC 2 or ISO 27001 reports
    - Cybersecurity policies & control assessments
    - Insurance certificates
    - Penetration test summaries
    - Business continuity plans
    - Signed attestations

    It’s a lot and often scattered. Multiply that by 50, 200, or 1,000 vendors, and suddenly your risk team is a full-time document chaser.

    The Automation Opportunity

    Here's how automation can modernize your evidence collection process, reduce back-and-forth, and give you better visibility into what's complete, and what's missing.

    1. Auto-Send Evidence Requests on Schedule or Trigger

    Set your TPRM application to automatically send evidence requests based on:

    - Vendor onboarding
    - Contract renewal dates
    - Annual or semi-annual reassessment cycles
    - Triggered events (e.g., scope changes or security alerts)

    Tool Tip: TPRM platforms like Mirato, ProcessUnity, or Aravo can generate evidence requests tied to vendor risk tier and lifecycle stage.

    2. Use Pre-Built Templates and Smart Forms

    - Build or reuse standardized templates by risk type or assessment purpose (e.g., privacy, InfoSec, ESG)
    - Use dynamic forms that adjust based on vendor responses to avoid over-requesting

    Tool Tip: Tools like OneTrust or Venminder, an Ncontracts Company, enable conditional logic in assessments to streamline collection.

    3. Centralize and Auto-Categorize Submissions

    - Route uploaded documents directly into the correct vendor profile and artifact folder
    - Use metadata to label evidence by type (e.g., SOC 2, PCI cert), date, and expiration

    Tool Tip: Integrate SharePoint, Google Drive, or your TPRM platform’s document library with automation tags for search and retrieval.

    4. Track Expirations and Send Auto-Reminders

    - Set calendar-based reminders before a certificate or report expires
    - Automatically notify both internal stakeholders and vendor points of contact (POCs)

    Tool Tip: Use Power Automate, Zapier, or ServiceNow to flag expiring evidence and send personalized nudge emails.

    5. Map Evidence to Controls or Frameworks

    - Auto-tag evidence to align with relevant controls (e.g., NIST CSF, ISO 27001, CAIQ)
    - Allow auditors or regulators to view which evidence supports each control

    Tool Tip: Use tools with compliance mapping capabilities like AuditBoard, LogicGate, or TrustCloud.

    Real-World Example: How a Mid-Sized Bank Reduced Audit Chaos

    A regional bank with over 350 vendors had been relying on Excel trackers and shared folders to manage third party evidence. Every audit cycle brought panic, re-requests, and unclear ownership.

    They introduced automated workflows that:

    - Sent initial evidence requests 90 days before renewal
    - Tracked which vendors responded and what was missing
    - Auto-tagged files by control area
    - Alerted internal teams if a document was expired or missing

    Result:

    - 85% reduction in last-minute evidence scramble
    - 100% audit-ready vendor files
    - 50+ hours saved per quarter

    Getting Started with Evidence Automation

    You don’t need a full GRC overhaul to get going. Start small with:

    - Standardized email templates for reminders
    - A centralized intake form for vendors to upload files
    - A shared dashboard to track evidence status by vendor or category

    Then build toward automation and integration with your TPRM, GRC, or document management tools.

    Pro Tip: Ask for Evidence Once. Use It Many Times.

    Good automation also means good reuse. Store and tag documents so you’re not asking for the same SOC report for every new engagement.

    Key Takeaway

    Chasing down evidence is not a good use of your team’s time, or the vendor’s. Automating the collection, tracking, and expiration process saves effort, reduces errors, and strengthens your TPRM program’s credibility.

    Author Bio

    Heather Kadavy, Senior Membership Success Coordinator

    Heather Kadavy joined the Third Party Risk Association (TPRA) in 2023 as the Senior Membership Success Coordinator. In recent year(s) Heather has been providing freelance TPRM consulting work to various organizations after retiring from a Nebraska financial institution after nearly 35 years where she oversaw and managed critical programs of the organization including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Financial Crimes, Model Risk Management, and Enterprise Risk Management. In her TPRM role she had oversight of over a thousand third party relationships, systems, due diligence reviews and contract management activities. She developed, facilitated, and implemented training programs for thousands of employees over the years. Heather is a natural born connector of people and values relationship building at the cornerstone of her career. She encourages you to connect with TPRA and herself via LinkedIn to join in the "TPRM Global Conversation".

  • Budgeting for Third Party Risk Management (TPRM) 

    This blog was inspired by the presentation by Julie Gaiaschi, CEO & Co-Founder of TPRA, at TPRA’s September 2024 Practitioner Member Meeting. (To watch the full presentation, TPRA Members can visit our On-Demand Webinars page and navigate to the September 2024 meeting recording.)

    In Third Party Risk Management (TPRM), establishing a thorough and well-structured budget allows teams to not only support their program’s current needs but also helps plan for future maturity efforts. A budget can also show the value TPRM brings to your organization. This is important because it allows executives to understand what you are doing, where you plan on going, and the return on investment (ROI) when you get there. So, how do you go about developing a strategic TPRM budget?

    In this blog, we will cover:

    - Demonstrating Your TPRM Program’s Value
    - Key Budget Considerations
      - Resources
      - Operations
      - Travel
      - Program Maturity
      - Tools
    - Sample Budget Format

    Demonstrating Value

    It is important to first demonstrate the value of your TPRM program to executives. There are many ways to demonstrate the value of your program and team to receive executive support on the TPRM budget. This ensures they understand the program's importance and the return on investment the organization receives from funding the TPRM program.

    To start, articulate the value of mitigating third party risks, such as protecting sensitive data, ensuring operational resilience, and minimizing financial and reputational impact. Then, tie in how the TPRM budget aligns with the organization’s strategic goals, like reducing risk exposure, ensuring compliance, and maintaining business continuity. It is important to share how the TPRM budget aligns with the organization’s goals, to ensure buy-in and support. Note the TPRM program does not relate to the main organization-wide activity and is everyone's responsibility.

    Next, show how the budget is allocated based on the level of risk posed by different third party relationships. High-risk vendors (e.g., those with access to sensitive data or critical systems) may require more scrutiny and more investment. You will also want to discuss the evolving risk environment, including cybersecurity threats, regulatory changes, and geopolitical factors, as well as how this influences the allocation of resources in the TPRM budget. Another aspect to highlight is the potential financial consequences of failing to manage third party risks, such as regulatory fines, penalties, or breach-related costs. You can include considerations for the costs associated with responding to third party-related incidents, such as legal fees, forensic investigations, and customer notification processes. If incident response costs are included in a different budget outside of TPRM, then note that, as incident response is a big piece of managing risks.

    You may also want to provide benchmarking data to show how the organization’s TPRM budget compares to industry peers. This can justify the budget request and demonstrate that the organization is staying competitive in its risk management approach.

    Lastly, discuss how the budget reflects the organization’s risk appetite and tolerance. Highlight the balance between cost and the need for adequate risk mitigation measures to protect the organization from potential third party-related failures. Be sure to provide examples of how the organization can optimize costs by focusing on the most critical third party risks and leveraging tools to reduce manual workload.

    Key Budget Considerations

    After you’ve demonstrated your program’s value to the organization, it’s now time to create your formal TPRM budget. Items to consider include, but are not limited to:

    - Resources are centered around current and future employees, or contractors, as well as the costs associated with training them. You may also want to note if pieces/parts of the program will be allocated to other departments (which should also have a budget for risk assessment activities), as well as the cost savings associated with the allocation for your department.
    - Operations include costs associated with daily tasks and running the TPRM program (such as variable and fixed costs). This also includes costs associated with regulatory compliance and incident response.
    - Travel can include costs associated with onsite visits, disaster recovery testing, disengaging with a third party, and other travel required. Travel costs can also include responding to incidents with in-person meetings.
    - Program Maturity includes costs associated with TPRM program enhancements required, and what is needed to get there. Program maturity is important because while your budget says what you want to do, program maturity can show your executives where you are headed. You can note what process enhancements you are looking to make and how those enhancements will improve your program.
    - Tools include budgeting for TPRM program automation. You can also estimate the cost savings a tool(s) will bring to your organization. Specific tool types you will want to consider include, but are not limited to, Governance Risk Compliance (GRC) tools, TPRM Platforms, Risk Rating/Risk Intelligence tools, and TPRM Services (such as consultants).

    Sample Budget Format

    Your budget should detail the value your TPRM program brings to the organization, the return on investment, and enhancements you wish to make to continuously improve program activities. Below is an example budget format that can be leveraged.

    - Executive Summary: Briefly explain the purpose of the TPRM budget, aligning it with the organization’s strategic goals and objectives. This should highlight why TPRM is essential to mitigating risks and ensuring compliance.
    - Value of TPRM Organization: Here is where you can explain how the TPRM program aligns with and supports key business objectives, such as safeguarding the organization’s reputation, maintaining compliance with regulations, and protecting against supply chain disruptions.
    - Cost Avoidance: Provide examples of how TPRM has helped avoid costly incidents, such as data breaches, regulatory fines, or business disruptions. This can be a bit harder to identify or call out, but it does paint a clearer picture for the board and executives.
    - Operational Resilience: Highlight how the program ensures the stability of operations, particularly in managing critical vendors.
    - Return on Investment: Share how the TPRM program is providing value to the organization by comparing the cost of managing third party risk to potential financial damage avoided, similar to operational resilience.
    - Budget Breakdown: Include a detailed breakdown of your budget, to include any budget subcategories.
    - Key Performance Indicators (KPIs) & Metrics: Lay out specific KPIs to measure the success of the TPRM program and the effectiveness of the budgeted items. Include metrics that show how the program is reducing risk exposure, such as lower incident rates, reduced financial impact from third party risks, or improved risk scores from third party risk management platforms.
    - Risk Assessment & Mitigation: Note potential risks to the TPRM program itself, such as lack of resources or budget constraints, and how they will be mitigated. Clearly explain the risks of underfunding the TPRM program, such as increased vulnerability to cyberattacks, compliance failures, or vendor disruptions.
    - Multi-Year Budget Forecast: Highlight potential areas for future investment, such as automation, artificial intelligence, or additional personnel to manage an increasing number of third party relationships.
    - Conclusion: Reinforce the critical role of TPRM in protecting the organization and mitigating vendor risks. Provide a clear and concise summary of the budget request, linking back to the strategic goals and value brought by the program. Then, ask for approval of the budget and support for any key investments highlighted in the report.

    Conclusion

    A well-crafted TPRM budget not only justifies the costs associated with managing third party risks, but also positions your program as a strategic asset to the organization. By clearly demonstrating how the budget supports business objectives, mitigates risks, and provides a solid ROI, you create a compelling case for continued and increased support. The insights and structure provided ensure that executives understand the critical role TPRM plays in protecting the organization, thereby making it easier to secure the resources needed for long-term success.

    Additional Resources TPRA Offers

    - TPRM 101 Guidebook
    - TPRM Tools Site
    - Service Provider Profiles

    Resources TPRA Offers to Members

    - Request for Proposal (RFP) Site
    - The Business Case for Third Party Risk Management (TPRM): A Starting Point for Senior Leadership

  • Making the Business Case: Presenting Your TPRM Budget to the C-Suite

    You’ve built the framework. Defined the roadmap. Clarified the policies, procedures, and objectives. Now, the spotlight is on the final act before execution: the Budget.

    Presenting a Third Party Risk Management (TPRM) budget isn’t just a numbers game, it’s a strategic dialogue with your C-suite. Each leader sees risk through a different lens. Your job is to make sure TPRM isn’t seen as a cost center, but as a business-critical function that protects brand value, operational continuity, and long-term growth.

    When you step into the room, or join the Zoom, come prepared not only with accurate data, but also with a tailored approach that speaks each executive’s language when presenting your TPRM budget proposal.

    Below is a sample budget submission for a Third Party Risk Management (TPRM) program using estimated figures for a mid-sized organization with around 1000 third parties, 20% of which are high or critical risk. This submission can be tailored for formal budget meetings, especially when speaking to a C-suite audience.

    Sample Budget Example: TPRM Budget Submission: FY2026

    Prepared by: TPRM Program Office/Officer
    Submitted to: Executive Leadership Team (CEO, CFO, CRO, CIO, COO, & CMO)
    Date: June 6, 2025
    Program Scope: Covers third party onboarding, due diligence, ongoing monitoring, issue remediation, and exit/termination processes across 1000 third parties.

    Executive Summary

    This budget supports the implementation and maturity growth of our Third Party Risk Management (TPRM) program. It is designed to mitigate increasing third party risk exposure while enabling operational efficiency, regulatory alignment, and long-term resilience.

    After aligning our budget with peer business units (e.g. IT, Procurement, etc.) to ensure no overlapping, we are requesting $1,240,000 in total TPRM program funding for FY2026, broken into the categories below.

    TPRM Budget Breakdown

    Category                 | Detail                                                                      | Estimated Cost (USD)
    -------------------------|-----------------------------------------------------------------------------|---------------------
    Personnel                | 3 FTEs (Manager, Analyst, Coordinator) + 1 contract assessor                | $450,000
    Automation/Tools         | TPRM automation platform (e.g. onboarding, workflow, risk rating, etc.)     | $225,000
    Training & Certification | 3 staff attending TPRM conference & obtaining or maintaining certifications | $15,000
    Consulting Services      | External maturity model assessment and roadmap facilitation                 | $50,000
    Operations               | Supplies, licenses, report, software, translation of vendor assessments     | $10,000
    Travel                   | Site visits to top 10 critical third parties                                | $20,000
    Risk Monitoring Services | Third party financial, cyber, ESG monitoring subscriptions                  | $150,000
    Contingency Reserve      | For incident response or unplanned third-party reviews                      | $50,000
    Program Development      | Internal awareness campaigns, playbook updates, policy refresh              | $25,000
    Total                    |                                                                             | $1,240,000

    Maturity Model Alignment

    This budget enables us to progress from a TPRM Level 2 “Defined” to TPRM Level 3 “Integrated” maturity in the next 12 months. We will formalize our processes, integrate toolsets, and implement real-time monitoring with key risk indicators.

    Supporting Attachments [Exhibit A-E]

    - Risk Appetite & Control Gap Analysis
    - Financial Risk Avoidance Estimator
    - Industry Peer Benchmarking
    - Sample ROI from Process Automation
    - 5-Year Third Party Incident Tracker (Regulatory + Financial Impact)

    TPRM to Corporate Alignment

    This budget aligns to each of our organization’s six corporate goals:

    - Strategic Enablement
    - Risk Avoidance ROI
    - Risk Appetite Alignment
    - Efficiency Gains
    - Cyber & Operational Resilience
    - Brand Protection & ESG

    As CEO, I recognize one of your primary goals is Strategic Enablement:

    - Supporting secure scaling of partnerships, M&A, and outsourcing
    - Demonstrating proactive governance and leadership integrity

    “As such, here is how TPRM aligns with our enterprise strategy and growth trajectory."

    Every initiative in this budget supports not just compliance, but resilience and reputation. If we want to expand into new markets, partner with innovative vendors, and build customer trust, we must ensure that our third parties don’t introduce vulnerabilities. This budget enables proactive oversight that protects our ability to scale with confidence.

    As CFO, I recognize one of your primary goals is Risk Avoidance ROI:

    - Helping to avoid regulatory fines averaging $1.4M per incident (source: IBM/Ponemon)
    - Automate savings of ~$100K/year in reduced manual review hours

    "So, let’s talk about cost avoidance and value protection."

    TPRM doesn’t generate revenue, but it shields it. Consider the financial impact of a third party data breach, regulatory fine, or supply chain disruption. We’ve included an incident impact analysis and a financial risk mitigation model. Tools like automation platforms may have upfront costs, but they reduce FTE hours and shorten due diligence cycles, providing long-term savings. This budget protects the bottom line.

    As CRO, I recognize one of your primary goals is Risk Appetite Alignment:

    - Providing real-time risk visibility across 1,000 vendors
    - Improving response time to regulatory inquiries and audit findings

    "As such, this is risk management at scale."

    Our roadmap supports maturing the program to keep pace with emerging risks—cybersecurity, ESG, concentration, and geopolitical instability. With this budget, we gain visibility across the supply chain, build consistency in due diligence, and drive risk-informed decision making across the enterprise. Risk appetite isn’t just a principle, it’s operationalized here.

    As COO, I recognize one of your primary goals is Efficiency Gains:

    - Accelerating vendor onboarding timelines by ~30%
    - Reducing disruptions due to unknown vendor risks

    "As such, TPRM budget plan enables operational efficiency and reduces friction."

    Every tool and resource in this plan contributes to smoother onboarding, faster assessments, and fewer surprises post-contract. We’ve mapped resources to real operational demand, based on our third party portfolio’s inherent risk tiers. With the right investment, we reduce bottlenecks and improve our vendor lifecycle management without overburdening your teams.

    As CIO, I recognize one of your primary goals is Cyber & Operational Resilience:

    - Detecting risk in data access and system integrations pre-contract
    - Supporting zero-trust third party architecture

    "This budget strengthens our IT risk posture through third party visibility and integration support."

    In today's interconnected ecosystem, our third parties don't just support the business, they connect to our systems, access sensitive data, and influence our security perimeter. This budget funds the tools and intelligence we need to proactively assess those relationships before they pose a risk.

    Specifically, it supports:

    - A TPRM platform that integrates with ITSM and procurement tools for seamless intake and tracking
    - Ongoing cyber risk monitoring of vendors handling sensitive data or system access
    - Risk scoring tied to our internal architecture and controls, improving alignment with zero-trust and defense-in-depth strategies

    By investing here, we’re ensuring that third party risks don’t undermine the protections we’ve worked so hard to build internally. It’s not just about compliance, it’s about maintaining system integrity, business continuity, and trust in our infrastructure.

    We’re already seeing regulatory expectations shift toward shared accountability in third party breaches. This budget helps us stay ahead of those trends, and aligned with frameworks like NIST, ISO 27001, and the updated SEC guidance.

    As CMO, I recognize one of your primary goals is Brand Protection & ESG:

    - Assessing vendors for reputational risk, DEI, and ESG performance
    - Avoiding headline risk from third party failures

    "We know that Brand trust is built on vendor integrity."

    In a world where consumers and regulators scrutinize supply chains, a single third party misstep can create reputational headlines. Our TPRM budget supports robust assessments of vendors that touch customer data, brand experience, or ESG commitments. This is not only a risk measure, it’s a marketing safeguard.

    Overall

    What’s included in this Budget (and Why It Matters):

    - Resources: We’ve forecasted FTE and contractor needs to meet expected assessment volumes and maintain SLA targets.
    - Operations: This includes daily workflow support and practical tools to run an efficient program.
    - Training & Travel: To keep our team skilled and informed, and to support onsite reviews for critical third parties.
    - Maturity Investments: We’ve aligned our asks to our current maturity level and the next step in our TPRM evolution.
    - Technology: We’ve assessed ROI for tools that reduce manual workloads and drive consistency.

    We’ve also included benchmarking against peer organizations and a review of industry incidents and fines over the last five years to contextualize our ask. This isn’t “nice to have.” This is “mission critical.”

    Bottom Line:

    This is a proactive investment in resilience. It’s a shield for our brand, a hedge against regulatory and operational exposure, and a step toward a smarter, more scalable enterprise. I’m not just asking for budget, I’m asking for buy-in to protect what we’re building, the way we build it, and deliver it.

    Author Bio

    Heather Kadavy, Senior Membership Success Coordinator

    Heather Kadavy joined the Third Party Risk Association (TPRA) in 2023 as the Senior Membership Success Coordinator. In recent year(s) Heather has been providing freelance TPRM consulting work to various organizations after retiring from a Nebraska financial institution after nearly 35 years where she oversaw and managed critical programs of the organization including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Financial Crimes, Model Risk Management, and Enterprise Risk Management. In her TPRM role she had oversight of over a thousand third party relationships, systems, due diligence reviews and contract management activities. She developed, facilitated, and implemented training programs for thousands of employees over the years. Heather is a natural born connector of people and values relationship building at the cornerstone of her career. She encourages you to connect with TPRA and herself via LinkedIn to join in the "TPRM Global Conversation".


Other Pages (480)

  • TPRA – Third Party Risk Management Resources, Certification & Networking

    Join the TPRM community at TPRA for expert resources, training, templates, and tools to strengthen your third party risk program and grow your network. Join the only not-for-profit, vendor-agnostic professional association uniting thousands of TPRM professionals worldwide. Furthering the profession of third party risk management through knowledge-sharing & networking.

    The all-in-one source for Third Party Risk Management (TPRM) tools, templates, training, networking, certifications & industry best practices.

    - MEMBERSHIP (CONNECT & DISCOVER): Individuals & organizations working together to advance the industry.
    - EDUCATION (MEETINGS & TRAINING): Certifications & training for risk professionals to advance their careers & enhance their programs.
    - RESOURCES (INFORMATION SHARING SITE): White papers, templates, guidance & more to enhance your program.
    - TOOLS & AUTOMATION (EXPLORE & CONTACT): Detailed profiles of trusted TPRM service provider organizations & their offerings.

    Advance Your Career in Risk Management: Learn About the Benefits of TPRA Membership

    Practitioner Plans
    Standard: FREE
    Premium: $199/yr

    BENEFITS

    - Member Meetings: Interactive monthly calls to discuss a variety of third party risk topics decided upon by members.
    - Conferences: In-person and virtual conferences dedicated solely to third party risk topics.
    - Networking: Online interaction with your peers through membership forums and document databases.
    - Industry-Specific Meetings: Quarterly special interest calls based on your industry.
    - Demos, Surveys, Webinars: Access to third party risk management service provider demos, surveys, & webinars.
    - Certifications: TPRM professional certifications that establish credibility and demonstrate your commitment to mastering your skills and knowledge within the industry.

    Vendor Plans
    4 available plans starting at $8,000/yr

    BENEFITS

    - Priority & Discount Sponsorship Opportunities: Be the first to sponsor conferences and receive discounted member rates, as well as priority positioning.
    - Networking & Collaboration: Attend monthly and quarterly meetings with TPRM practitioners and other service providers to network, collaborate, create resources, share insights, and more!
    - Promotional Opportunities: Work with the TPRA staff to communicate to Practitioner Members your organization's webinars, surveys, demos, blog posts, and white papers.
    - Advisory Councils: Join our TPRM Service Provider Advisory Council, as well as other groups, dedicated to collaborating, sharing insights, and providing strategic guidance.
    - Quarterly Updates: Receive quarterly updates with industry innovators to collaborate on practitioner needs.

    Meetings Open to All

    - Thursday, September 11, 2025, 10:00 - 11:00 AM CT: Panel: Operational Resilience & Incident Response
    - Tuesday, September 16, 2025, 1:00 - 2:00 PM CT: Women In TPRM Meeting
    - Thursday, October 9, 2025, 10:00 - 11:00 AM CT: Roundtable: Disengaging Smartly: Third Party Exit Strategies & Offboarding

    CONTACT US

    Address: P.O. Box 824 Ankeny, Iowa 50021 USA
    Email: info@tprassociation.org
    For any general inquiries, please fill out the contact form.

  • WOMEN IN TPRM PROGRAM | TPRA

    Join TPRA’s Women in TPRM program to uplift and support women in the industry through mentorship, leadership development, and recognition. Empowering the next generation of women leaders in TPRM. Our Goals Our Goals The Women in TPRM (WNTPRM) Program is dedicated to empowering women in the Third Party Risk Management (TPRM) industry. This program is open to all , regardless of TPRA membership status or gender identity. Through collaborative efforts, we aim to: Uplift Women in TPRM : Advocate for professional growth and recognition. Provide Access to Higher-Paying Roles: Break barriers to equitable opportunities in TPRM careers. Facilitate Mentorships: Connect women with seasoned professionals to foster guidance and growth. Celebrate & Support Women: Establish a platform to spotlight achievements and nurture community. Cultivate Future Leaders: Develop the next generation of trailblazers in TPRM. What We Do What We Do We meet monthly to strategize on achieving these goals and to address challenges within the field. You do not need to be a TPRA member to participate in this program, but some facets of this program are member-specific, such as our 'Women in TPRM' Slack Channel, where TPRA Practitioner Members can continue meaningful conversations, share resources, and collaborate. Standard Practitioner Membership is free , and all TPRA Practitioner Members are invited to join our Slack Forum here . Members and non-members can join our LinkedIn group to stay connected. Our Initiatives Include: Advocating for the importance of women in TPRM through educational resources and outreach. Providing access to tools, techniques, and insights that uplift and empower women in the field. Showcasing and celebrating women leaders who inspire and shape the TPRM landscape. Sharing job opportunities from organizations committed to supporting women in TPRM. Join us as we drive change, foster leadership, and build a brighter future for women in TPRM! 
Meetings Upcoming Meetings Watch On-Demand Meetings September 16, 2025 1:00 - 2:00 PM CT Women In TPRM Meeting Read All October 7, 2025 1:00 - 2:00 PM CT WNTPRM Work Group Meeting Read All October 21, 2025 1:00 - 2:00 PM CT Women In TPRM Meeting Read All Programs & Resources WNTPRM Work Group The WNTPRM Work Group is a collaborative forum dedicated to empowering and advancing women in third-party risk management (TPRM) through education, leadership development, mentorship, and career advancement, fostering a supportive community for women professionals and leaders. Register for Meetings Mentorship Program Our mentorship program is focused on women within the field of Third-Party Risk Management. Our goal for this program is to align mentors and mentees to address and support the needs of our membership. If interested in becoming a mentor or mentee, please fill out the interest form. Interest Form Women Lead Spotlights Our Women Lead Program is dedicated to showcasing inspiring leaders by highlighting their stories. Our goal for this program is to learn from and be inspired by women leaders in the field of Third Party Risk Management (TPRM) throughout various industries. View our Leaders and learn how to nominate and/or apply to become a spotlight. View Spotlights Resource Sharing Library Our Women in TPRM Resource Sharing Library contains a variety of women in business-related materials. Included are reports on the latest women in business trends and statistics, blogs and articles on relevant and current happenings, and TED Talks featuring inspiring women in business educating others on how to navigate the business world and find success in their careers. View Library Leadership Ladders Originally developed by TPRA's Women in TPRM "Lead" work group, this training activity is designed for all current & aspiring leaders within the Third Party Risk Management (TPRM) industry. 
Inspired by the classic "Chutes and Ladders" game, it is an all-in-one roadmap to leadership in the form of a nostalgic, virtual board game! Each box on the board is linked to a valuable resource–including customized guides, blogs, videos, quizzes, and more–with the goal of enhancing your leadership potential through buildable skills and expert insights. Any professional, regardless of what stage they're at in their career, can find value in this activity. Check It Out Recorded Meetings View meeting recordings and PowerPoints from our monthly Women In TPRM Meetings. Recorded Meetings Resources Statistics Women only represent 15-20% of the Governance, Risk and Compliance profession (GRC World Forums, 2021). Read Full Article Only about 25% of every 100 security and risk management (SRM) executives are women (Gartner Inc., 2019). Read Full Article Gender-diverse and inclusive teams outperform gender-homogeneous, less-inclusive teams by an average of 50% (Gartner Inc., 2019). Read Full Article According to one survey, 24% of global cybersecurity employees are women, and 18% of CIOs/CTOs are female (Deloitte, 2021). Read Full Article Quotes "Diversity matters not just because increasing representation of minorities and women in a fast growing and critical field is the right thing to do, but because a variety of viewpoints are key to solving hard problems." SVP, General Counsel - Legal, Bitsight Johanna Werbach “...change must come from within the industry and not be mandated from external parties.” Chief Data and Privacy Officer, MeritB2B Karie Burt "With different backgrounds and perspectives and voices at the table and in an environment where their contributions are really valued, you benefit from a much more expansive conversation and one that’s much more likely to uncover the full range of possibilities and solutions." VP & GM, TPRM, BitSight Vanessa Jankowski Read "Women in CyberSecurity"

  • Panel: Operational Resilience & Incident Response

    On September 11, 2025, from 10:00 to 11:00 AM CT, this panel will discuss building operational resilience and preparing for incident response. Gain practical advice for managing disruptions in third-party ecosystems. TPRM WEBINAR Panel: Operational Resilience & Incident Response Date Thursday, September 11, 2025 Time 10:00 - 11:00 AM CT Intended Audience All TPRM Professionals Duration 60 minutes CPE Credits 1 Fee Free Register Event Description Watch the meeting recording for our TPRM Webinar held on… SPEAKER(S) INFORMATION CPE CREDIT Panelists Include: Evan Tegethoff, VP Solutions Engineering at Bitsight Mark Orsi, CEO at Global Resilience Federation Nick Geyer, Sr. Product Marketing Manager at OneTrust Charles John, Operational Resilience Director at RSM US LLP About These Meetings Monthly TPRM Webinars are held every second Thursday of the month. Join us for relevant and informative roundtables, panels, and/or presentations on TPRM topics and pain points our members noted within the 2024 end-of-year survey. Who Should Attend All TPRM professionals are invited to these events, including TPRA Practitioner Members, TPRA Vendor Members, and Non-members. Cancellations In the event that this session would need to be canceled, you will be contacted and invited to register for the rescheduled event. Questions & Concerns For more information regarding administrative policies such as complaints, please contact us at info@tprassociation.org. TPRA Members are eligible to receive 0.5 CPE credits for every 30 minutes of the LIVE meeting that they attend. (Ex. Attend for 30 minutes = 0.5 CPE credits. Attend for 1 hour = 1 CPE credit). CPE Credit will be issued upon completion of the post-event survey. Please allow at least one week following the event to receive your CPE certificate.
