Search Results

Blog was inspired by the presentation by Julie Gaiaschi, CEO & Co-Founder of TPRA, at TPRA’s September 2024 Practitioner Member Meeting. (To watch the full presentation, TPRA Members can visit our On-Demand Webinars page  and navigate to the September 2024 meeting recording.)  In Third Party Risk Management (TPRM), establishing a thorough and well-structured budget allows teams to not only support their program’s current needs but also helps plan for future maturity efforts. A budget can also show the value TPRM brings to your organization. This is important because it allows executives to understand what you are doing, where you plan on going, and the return on investment (ROI) when you get there. So, how do you go about developing a strategic TPRM budget?  In this blog, we will cover:  Demonstrating Your TPRM Program’s Value   Key Budget Considerations   Resources   Operations   Travel   Program Maturity   Tools   Sample Budget Format   Demonstrating Value  It is important to first demonstrate the value of your TPRM program to executives.  There are many ways to demonstrate the value of your program and team to receive executive support on the TPRM budget. This ensures they understand the program's importance and the return on investment the organization receives from funding the TPRM program.  To start, articulate the value  of mitigating third party risks, such as protecting sensitive data, ensuring operational resilience, and minimizing financial and reputational impact. Then, tie in how the TPRM budget aligns with the organization’s strategic goals, like reducing risk exposure, ensuring compliance, and maintaining business continuity. It is important to share how the TPRM budget aligns with the organization’s goals, to ensure buy-in and support. Note the TPRM program does not relate to the main organization-wide activity and is everyone's responsibility.   Next, show how the budget is allocated  based on the level of risk posed by different third party relationships. High-risk vendors (e.g., those with access to sensitive data or critical systems) may require more scrutiny and more investment. You will also want to discuss the evolving risk environment , including cybersecurity threats, regulatory changes, and geopolitical factors, as well as how this influences the allocation of resources in the TPRM budget. Another aspect to highlight is the potential financial consequences  of failing to manage third party risks, such as regulatory fines, penalties, or breach-related costs. You can include considerations for the costs associated with responding to third party-related incidents, such as legal fees, forensic investigations, and customer notification processes. If incident response costs are included in a different budget outside of TPRM, then note that, as incident response is a big piece of managing risks.   You may also want to provide benchmarking data  to show how the organization’s TPRM budget compares to industry peers. This can justify the budget request and demonstrate that the organization is staying competitive in its risk management approach.  Lastly, discuss how the budget reflects the organization’s risk appetite and tolerance . Highlight the balance between cost and the need for adequate risk mitigation measures to protect the organization from potential third party-related failures. Be sure to provide examples of how the organization can optimize costs by focusing on the most critical third party risks and leveraging tools to reduce manual workload.     Key Budget Considerations  After you’ve demonstrated your program’s value to the organization, it’s now time to create your formal TPRM budget.  Items to consider include, but are not limited to:    Resources are centered around current and future employees, or contractors, as well as the costs associated with training them.  You may also want to note if pieces/parts of the program will be allocated to other departments (which should also have a budget for risk assessment activities), as well as the cost savings associated with the allocation for your department.  Operations include costs associated with daily tasks and running the TPRM program (such as variable and fixed costs). This also includes costs associated with regulatory compliance and incident response.   Travel can include costs associated with onsite visits, disaster recovery testing, disengaging with a third party, and other travel required. Travel costs can also include responding to incidents with in-person meetings.  Program Maturity  includes costs associated with TPRM program enhancements required, and what is needed to get there. Program maturity is important because while your budget says what you want to do, program maturity can show your executives where you are headed.  You can note what process enhancements are you looking to make and how those enhancements will improve your program.   Tools include budgeting for TPRM program automation.  You can also estimate the cost savings a tool(s) will bring to your organization.  Specific tool types you will want to consider include, but are not limited to, Governance Risk Compliance (GRC) tools, TPRM Platforms, Risk Rating/Risk Intelligence tools, and TPRM Services (such as consultants).    Sample Budget Format  Your budget should detail the value your TPRM program brings to the organization, the return on investment, and enhancements you wish to make to continuously improve program activities. Below is an example budget format that can be leveraged.   Executive Summary: Briefly explain the purpose of the TPRM budget, aligning it with the organization’s strategic goals and objectives. This should highlight why TPRM is essential to mitigating risks and ensuring compliance.   Value of TPRM Organization: Here is where you can explain how the TPRM program aligns with and supports key business objectives, such as safeguarding the organization’s reputation, maintaining compliance with regulations, and protecting against supply chain disruptions.  Cost Avoidance: Provide examples of how TPRM has helped avoid costly incidents, such as data breaches, regulatory fines, or business disruptions. This can be a bit harder to identify or call out, but it does paint a clearer picture for the board and executives.  Operational Resilience: Highlight how the program ensures the stability of operations, particularly in managing critical vendors.  Return on Investment: Share how the TPRM program is providing value to the organization by comparing the cost of managing third party risk to potential financial damage avoided, similar to operational resilience.  Budget Breakdown: Include a detailed breakdown of your budget, to include any budget subcategories.  Key Performance Indicators (KPIs) & Metrics: Lay out specific KPIs to measure the success of the TPRM program and the effectiveness of the budgeted items. Include metrics that show how the program is reducing risk exposure, such as lower incident rates, reduced financial impact from third party risks, or improved risk scores from third party risk management platforms.  Risk Assessment & Mitigation: Note potential risks to the TPRM program itself, such as lack of resources or budget constraints, and how they will be mitigated. Clearly explain the risks of underfunding the TPRM program, such as increased vulnerability to cyberattacks, compliance failures, or vendor disruptions.  Multi-Year Budget Forecast: Highlight potential areas for future investment, such as automation, artificial intelligence, or additional personnel to manage an increasing number of third party relationships.  Conclusion: Reinforce the critical role of TPRM in protecting the organization and mitigating vendor risks. Provide a clear and concise summary of the budget request, linking back to the strategic goals and value brought by the program. Then, ask for approval of the budget and support for any key investments highlighted in the report.    Conclusion  A well-crafted TPRM budget not only justifies the costs associated with managing third party risks, but also positions your program as a strategic asset to the organization. By clearly demonstrating how the budget supports business objectives, mitigates risks, and provides a solid ROI, you create a compelling case for continued and increased support. The insights and structure provided ensure that executives understand the critical role TPRM plays in protecting the organization, thereby making it easier to secure the resources needed for long-term success.    Additional Resources TPRA Offers   TPRM 101 Guidebook   TPRM Tools Site     Service Provider Profiles    Resources TPRA Offers to Members Request for Proposal (RFP) Site   The Business Case for Third Party Risk Management (TPRM): A Starting Point for Senior Leadership

You’ve built the framework. Defined the roadmap. Clarified the policies, procedures, and objectives. Now, the spotlight is on the final act before execution: the Budget .  Presenting a Third Party Risk Management (TPRM) budget isn’t just a numbers game, it’s a strategic dialogue with your C-suite. Each leader sees risk through a different lens. Your job is to make sure TPRM isn’t seen as a cost center, but as a business-critical function that protects brand value, operational continuity, and long-term growth.  When you step into the room, or join the Zoom, come prepared not only with accurate data, but also with a tailored approach that speaks each executive’s language when presenting your TPRM budget proposal.  Below is a sample budget submission  for a Third Party Risk Management (TPRM) program using estimated figures for a mid-sized organization  with around 1000 third parties , 20% of which are high or critical risk. This submission can be tailored for formal budget meetings, especially when speaking to a C-suite audience.  Sample Budget Example: TPRM Budget Submission: FY2026    Prepared by:  TPRM Program Office/Officer  Submitted to : Executive Leadership Team (CEO, CFO, CRO, CIO, COO, & CMO)  Date: June 6, 2025  Program Scope:  Covers third party onboarding, due diligence, ongoing monitoring, issue remediation, and exit/termination processes across 1000 third parties.  Executive Summary   This budget supports the implementation and maturity growth of our Third Party Risk Management (TPRM) program. It is designed to mitigate increasing third party risk exposure while enabling operational efficiency, regulatory alignment, and long-term resilience.  After aligning our budget with peer business units (e.g. IT, Procurement, etc.) to ensure no overlapping, we are requesting $1,240,000 in total TPRM program funding for FY2026, broken into the categories below.  TPRM Budget Breakdown  Category Detail Estimated Cost (USD) Personnel 3 FTEs (Manager, Analyst, Coordinator) + 1 contract assessor $450,000 Automation/Tools TPRM automation platform (e.g. onboarding, workflow, risk rating, etc.) $225,000 Training & Certification 3 staff attending TPRM conference & obtaining or maintaining certifications $15,000 Consulting Services External maturity model assessment and roadmap facilitation  $50,000  Operations Supplies, licenses, report, software, translation of vendor assessments $10,000 Travel   Site visits to top 10 critical third parties  $20,000 Risk Monitoring Services Third party financial, cyber, ESG monitoring subscriptions $150,000 Contingency Reserve For incident response or unplanned third-party reviews  $50,000 Program Development Internal awareness campaigns, playbook updates, policy refresh $25,000 Total   $1,240,000 Maturity Model Alignment  This budget enables us to progress from a TPRM Level 2 “Defined” to TPRM Level 3 “Integrated” maturity in the next 12 months. We will formalize our processes, integrate toolsets, and implement real-time monitoring with key risk indicators.  Supporting Attachments [Exhibit A-E]  Risk Appetite & Control Gap Analysis  Financial Risk Avoidance Estimator  Industry Peer Benchmarking  Sample ROI from Process Automation  5-Year Third Party Incident Tracker (Regulatory + Financial Impact)  TPRM to Corporate Alignment  This budget aligns to each of our organization’s six corporate goal:  Strategic Enablement  Risk Avoidance ROI  Risk Appetite Alignment  Efficiency Gains  Cyber & Operational Resilience  Brand Protection & ESG  As CEO,  I recognize one of your primary goals is Strategic Enablement :  Supporting secure scaling of partnerships, M&A, and outsourcing  Demonstrating proactive governance and leadership integrity    “As such, here is how TPRM aligns with our enterprise strategy and growth trajectory."    Every initiative in this budget supports not just compliance, but resilience and reputation. If we want to expand into new markets, partner with innovative vendors, and build customer trust, we must ensure that our third parties don’t introduce vulnerabilities. This budget enables proactive oversight that protects our ability to scale with confidence.    As CFO,  I recognize one of your primary goals is Risk Avoidance ROI :  Helping to avoid regulatory fines averaging $1.4M per incident (source: IBM/Ponemon)  Automate savings of ~$100K/year in reduced manual review hours    "So, Let’s talk about cost avoidance and value protection."    TPRM doesn’t generate revenue, but it shields it. Consider the financial impact of a third party data breach, regulatory fine, or supply chain disruption. We’ve included an incident impact analysis and a financial risk mitigation model. Tools like automation platforms may have upfront costs, but they reduce FTE hours and shorten due diligence cycles, providing long-term savings. This budget protects the bottom line.  As CRO: I recognize one of your primary goals is Risk Appetite Alignment:   Providing real-time risk visibility across 1,000 vendors  Improving response time to regulatory inquiries and audit findings    "As such, this is risk management at scale."    Our roadmap supports maturing the program to keep pace with emerging risks—cybersecurity, ESG, concentration, and geopolitical instability. With this budget, we gain visibility across the supply chain, build consistency in due diligence, and drive risk-informed decision making across the enterprise. Risk appetite isn’t just a principle, it’s operationalized here.    As COO:  I recognize one of your primary goals is Efficiency Gains :  Accelerating vendor onboarding timelines by ~30%  Reducing disruptions due to unknown vendor risks    "As such, TPRM budget plan enables operational efficiency and reduces friction."    Every tool and resource in this plan contributes to smoother onboarding, faster assessments, and fewer surprises post-contract. We’ve mapped resources to real operational demand, based on our third party portfolio’s inherent risk tiers. With the right investment, we reduce bottlenecks and improve our vendor lifecycle management without overburdening your teams.    As CIO: I recognize one of your primary goals is Cyber & Operational Resilience:   Detecting risk in data access and system integrations pre-contract  Supporting zero-trust third party architecture   "This budget strengthens our IT risk posture through third party visibility and integration support."   In today's interconnected ecosystem, our third parties don't just support the business, they connect to our systems, access sensitive data, and influence our security perimeter. This budget funds the tools and intelligence we need to proactively assess those relationships before they pose a risk.     Specifically, it supports:   A TPRM platform that integrates with ITSM and procurement tools for seamless intake and tracking  Ongoing cyber risk monitoring of vendors handling sensitive data or system access  Risk scoring tied to our internal architecture and controls, improving alignment with zero-trust and defense-in-depth strategies   By investing here, we’re ensuring that third party risks don’t undermine the protections we’ve worked so hard to build internally. It’s not just about compliance, it’s about maintaining system integrity, business continuity, and trust in our infrastructure.    We’re already seeing regulatory expectations shift toward shared accountability in third party breaches. This budget helps us stay ahead of those trends, and aligned with frameworks like NIST, ISO 27001, and the updated SEC guidance.    As CMO: I recognize one of your primary goals is   Brand Protection & ESG :   Assessing vendors for reputational risk, DEI, and ESG performance  Avoiding headline risk from third party failures    "We know that Brand trust is built on vendor integrity."  In a world where consumers and regulators scrutinize supply chains, a single third party misstep can create reputational headlines. Our TPRM budget supports robust assessments of vendors that touch customer data, brand experience, or ESG commitments. This is not only a risk measure, it’s a marketing safeguard.  Overall   What’s included in this Budget (and Why It Matters):   Resources: We’ve forecasted FTE and contractor needs to meet expected assessment volumes and maintain SLA targets.  Operations: This includes daily workflow support and practical tools to run an efficient program.  Training & Travel: To keep our team skilled and informed, and to support onsite reviews for critical third parties.  Maturity Investments:  We’ve aligned our asks to our current maturity level and the next step in our TPRM evolution.  Technology: We’ve assessed ROI for tools that reduce manual workloads and drive consistency.  We’ve also included benchmarking against peer organizations and a review of industry incidents and fines over the last five years to contextualize our ask. This isn’t “nice to have.” This is “mission critical.”    Bottom Line:   This is a proactive investment in resilience. It’s a shield for our brand, a hedge against regulatory and operational exposure, and a step toward a smarter, more scalable enterprise. I’m not just asking for budget, I’m asking for buy-in to protect what we’re building, the way we build it, and deliver it.   Author Bio Heather Kadavy Senior Membership Success Coordinator Heather Kadavy  joined the Third Party Risk Association (TPRA) in 2023 as the Senior Membership Success Coordinator. In recent year(s) Heather has been providing freelance TPRM consulting work to various organizations after retiring from a Nebraska financial institution after nearly 35 years where she oversaw and managed critical programs of the organization including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Financial Crimes, Model Risk Management, and Enterprise Risk Management.  In her TPRM role she had oversight of over a thousand third par ty relationships, systems, due diligence reviews and contract management activities.  She developed, facilitated, and implemented training programs for thousands of employees over the years. Heather is a natural born connector of people and values relationship building at the cornerstone of her career.  She encourages you to connect with TPRA and herself via LinkedIn to join in the "TPRM Global Conversation".

If you’re sending the same full-blown risk assessment to every third party, whether they host sensitive data or simply mow your corporate lawn, it’s time for smarter automation.  Third Party tiering isn’t just a best practice, it’s a necessity. But too often, it’s handled manually or inconsistently, leading to:  Wasted time on low-risk third parties Insufficient scrutiny of high-risk partners  Frustration from internal teams and third parties alike  With automation, you can streamline how third parties are tiered, when they’re reassessed (i.e., their assessment cycle time), and whether they trigger enhanced due diligence, all without adding manual work.  Why Tiering Matters  Third Party tiering (or risk segmentation) helps you:  Prioritize time and resources  Tailor assessments based on risk  Justify lighter-touch reviews when appropriate  Align to internal policies and regulatory expectations  But the old way of doing it, with manual scoring, spreadsheet-based tiers, and ad hoc judgment, doesn’t scale. How Automation Improves Vendor Tiering & EDD  Let’s break this down into two key functions that benefit from automation:  1. Automated Vendor Tiering  Start by automatically assigning third party to tiers based on logic built into your intake or inherent risk assessment process.  Common inputs include:   Type and amount of data accessed (e.g., PII, PHI, cardholder data)  If the third party will access your organization's internal network and which environment (e.g., VPN, production environment)  Geographic presence or location of services  Regulatory exposure (e.g., HIPAA, GDPR)  Criticality to business operations    Tool Tip: Use intake forms or TPRM platforms that include conditional logic. Based on answers, third parties are automatically placed into Tier 1 (High), Tier 2 (Moderate), or Tier 3 (Low/Non-Critical).  Example Automation:   Business Owner selects “Yes” to the third party accessing customer PII → Platform sets them as Tier 1 → Full information security risk assessment initiated automatically.  2. Triggering Enhanced Due Diligence (EDD)  Once a third party is tiered, you can then set triggers to launch deeper reviews on a regular cadence, as well as if/when something changes.  EDD may include:   Expanded assessments Onsite or virtual visits Background checks on executives  Penetration testing evidence  Financial statement reviews  Crisis response documentation (e.g., BCP/DR tests)  Trigger Conditions Could Include, but not be Limited to:   A risk score threshold is exceeded  The third party is acquired by another organization and there is a change in leadership The third party will now host data offshore Contract change increases data access  Negative media or litigation is detected  Tool Tip: Connect monitoring platforms (BitSight, Security Scorecard, RiskRecon, Sayari) to your TPRM system to ensure events auto-trigger reassessment workflows.  Real-World Example: How a Tech Company Reduced Third Party Assessment Volume by 40%  A SaaS firm supporting fintech clients struggled with over-assessing third parties. Everyone received the same 200-question InfoSec review, whether they hosted client data or just helped with branding.  The organization decided to implement an automated tiering engine using a simple logic tree:  Tier 1: Hosts client data or business-critical systems → full TPRA Information Security Questionnaire + SOC 2  Tier 2: Indirectly supports regulated operations → limited questionnaire  Tier 3: No data access, non-critical → no further review  When a Tier 2 vendor’s risk rating system score dipped significantly, the system triggered an EDD workflow with an escalated assessment.  Results after 6 months:   40% fewer full assessments  Average assessment cycle time dropped 30%  Fewer third party complaints about irrelevant or overbearing reviews  What to Include in an Automated Tiering Framework  The TPRA community has created a free inherent risk questionnaire that can be leveraged within an automated tiering framework. If you are a TPRA member, you can obtain the inherent risk questionnaire template here . Getting Started  You don’t need to go from 0 to full automation in one step. Start with:  A basic inherent risk assessment that captures core risk drivers  A rules-based tiering system in Excel, Power Automate, or your TPRM tool  Clear definitions for Tier 1, 2, and 3, and what EDD should be performed for each tier Additional triggers for EDD (e.g., change in data access or poor cyber score)  Pro Tip: Automation Doesn’t Mean “Set and Forget”  You still need risk oversight. Automation just ensures your attention is focused on the third parties who need it most and when they need it most.     Key Takeaways  Treating all third parties the same is inefficient and risky  Automated tiering reduces noise and sharpens focus  Enhanced due diligence should be triggered by real risk, not just policies  You can implement this in phases with existing tools  Author Bio Heather Kadavy Senior Membership Success Coordinator Heather Kadavy joined the Third Party Risk Association (TPRA) in 2023 as the Senior Membership Success Coordinator. In recent year(s) Heather has been providing freelance TPRM consulting work to various organizations after retiring from a Nebraska financial institution after nearly 35 years where she oversaw and managed critical programs of the organization including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Financial Crimes, Model Risk Management, and Enterprise Risk Management.  In her TPRM role she had oversight of over a thousand third par ty relationships, systems, due diligence reviews and contract management activities.  She developed, facilitated, and implemented training programs for thousands of employees over the years. Heather is a natural born connector of people and values relationship building at the cornerstone of her career.  She encourages you to connect with TPRA and herself via LinkedIn to join in the "TPRM Global Conversation".

Explore jobs in third party risk management from organizations hiring TPRM professionals. New listings added regularly. Start your search today. TPRM Job Listings Searching for a TPRM-specific job? Check out the listings below from organizations looking for talented TPRM professionals! Note: TPRA reserves the right to remove any job listing for any reason and without communication to the contact. Post a Job Techie Tech mahindra View Job Senior Manager, TPRM Gainwell Technologies View Job Third Party Risk Specialist Group 1001 View Job Compliance Manager - Third Party Oversight TD View Job Risk Management - TPRM Specialist Golden 1 Credit Union View Job Senior Consultant, TPRM Northern Trust View Job Enterprise Risk Management (Third Party Risk) Vice President Merrick Bank/CardWorks Inc View Job Risk Operations Vendor Manager Intuit View Job Enterprise Risk Management (Third Party Risk) - Vice President Merrick Bank View Job Senior Cyber Third-Party Analyst 3M View Job Risk Advisor, Global TPRM BMO View Job Program Manager - Cyber Security, TPRM lululemon View Job LOAD MORE

TPRM Service Provider start-ups are invited to join the TPRA as Incubator Members! Apply now! TPRA Incubator Program Welcome to the TPRA Incubator Program, created to be a catalyst for transformative innovation in third party risk management (TPRM) Read More Inquire About Membership About Mission Empower and accelerate the success of innovative third party risk management startups through a comprehensive incubator program. We strive to foster a collaborative ecosystem that provides mentorship, resources, and networking opportunities, enabling startups to navigate challenges, develop cutting-edge solutions, and establish a robust presence in the evolving landscape of risk management. Vision To be a catalyst for transformative innovation in third party risk management, fostering a dynamic ecosystem where startups thrive in pioneering solutions that redefine industry standards. We aspire to build a global community of resilient and adaptive risk management leaders who contribute to a secure and trustworthy business environment. Through our incubator program, we envision a future where emerging startups play a pivotal role in shaping the evolution of risk management practices, driving sustainability, and ensuring resilience in an ever-changing landscape. Transforming the Industry Together Incubator Participants Who Can Participate Inquire About Membership Innovative Third Party Risk Management Startups Only start-up organizations within the Third Party Risk Management space Start-up must be five years old or less and/or within the pre-seed, seed, or early stage (Series A and Series B) Start-ups must not bring in more than $500,000 of revenue annually from product/service offerings Must complete an application and potentially an interview Must provide evidence of the revenue the organization generates from products/services within their last and/or current financial year TPRA retains the right to deny any organization and/or individual entry into the Incubator Program for any reason Goals & Activities The goals and activities of the Incubator Program are to assist with removing roadblocks within the community to allow for better communication, tighten feedback loops to ensure community needs are addressed, and to be a catalyst for innovation within the community. The program will also allow for a common lexicon when speaking about TPRM programs and the value they bring to organizations. Below are the goals and activities related to the TPRA’s Innovator Program: 1 TPRA Vendor Membership Receive “Incubator Status” Vendor Membership based on the Program Tier structure below. Would receive all of the benefits of an “Advocate” Member. Benefits include: Orientation & On-boarding Three website accounts Quarterly updates Invitations to practitioner meetings Website Access Service Provider Profile LinkedIn Welcome Message Share your resources, events, surveys, & job openings with TPRA members Newsletter Spotlight & Links to Blogs Write blogs for TPRA 3 Access to Resources Share TPRA resources, webinars, and training opportunities. TPRA will create a website to share external resources for Incubator Program members only (to include company names and URLs for investment firms, other incubator programs, and other start-up accelerators). 5 Training & Skill Development Incubator participants may attend TPRA webinars, events, and activities on the website to enhance TPRM skill development. 7 Lead Generation Opportunities TPRA to provide incubator participants with discounts on conference sponsorships and demo opportunities. Sponsorships come with opt-in lists. TPRA to create a site for Practitioners to submit RFPs for TPRM tools and for incubator participants (as well as TPRA Vendor Members) to respond to them. 9 Feedback & Improvement of Incubator Program From time to time, participants will receive surveys that request feedback on the Incubator Program. Responses will be used to continually enhance the program. 2 Start-Up Advisory Council Set up regular 1:1 meetings (most likely quarterly) with select practitioners (based on industry and company size) to provide program participants with feedback on their products/services. This can also assist with the incubator program participant figuring out their product market fit, target market, and product/service pitch. Can also assist with the participant better understanding if they are addressing their market’s TPRM pain points. TPRA to create a site for Practitioners to note TPRM pain points and/or note request for innovation. (Note: Can have the community vote on what they would like to see the most.) Incubator Participants would be able to access this list. 4 Network Opportunities TPRA will create network opportunities to introduce incubator program participants other program participants, practitioners, and other service providers. 6 Brand Awareness TPRA to note the incubator participant’s organization on the TPRA website (within Service Provider Profile), highlight the organization on LinkedIn, and note the organization as a spotlight within one of the TPRA’s quarterly newsletters. 8 Collaboration on Additional Resources In collaboration with TPRA, may participate in educational trainings, research, & content creation (such as blog posts, whitepapers, & videos). Inquire About Membership Heather Kadavy Senior Membership Success Coordinator heather.kadavy@tprassociation.org Follow on LinkedIn > TPRM Service Provider Membership Inquiry Complete this form if you are interested in one of TPRA's Service Provider Membership options (Vendor Membership, Incubator Program, Consultant Catalyst). Our team will reach out to you as soon as possible with further details on plan benefits and pricing. First name* Last name* Job Title* Organization* Email* Phone Which membership option are you interested in? Vendor Membership – For established TPRM Service Provider organizations (TPRM Platform, GRC Platform, Risk Rating/Intelligence Tool, TPRM Services, etc.). Incubator Program – For Start-Up TPRM Service Provider Organizations looking to gain insight, support, and promotion. Consultant Catalyst – For single, Independent Consultants or Boutique Advisory Firms specializing in third-party risk management services. Other Anything else we should know? Submit

Learn about TPRA's available Vendor Member plans, the benefits included in each one, and how to join! TPRA Vendor Membership Becoming a TPRA Vendor Member isn't just about gaining leads and promoting your organization, it's about helping to further the industry of Third Party Risk Management (TPRM) by becoming an integral part of a community that establishes TPRM guidance, resources, and tools, and works to promote the value that TPRM professionals add to their organizations. INQUIRE ABOUT MEMBERSHIP This page is specific to Vendor Membership, but TPRA offers three types of membership to TPRM Service Providers depending on their needs, maturity, and/or revenue. A brief overview of each option can be found below, with links to explore further. Vendor Membership For established TPRM Service Provider organizations (TPRM Platform, GRC Platform, Risk Rating/Intelligence Tool, TPRM Services, etc.). Learn More Consultant Catalyst For single Independent Consultants or Boutique Advisory Firms specializing in third-party risk management services, typically with limited marketing budgets but high expertise. Learn More Incubator Program For Start-Up TPRM Service Provider Organizations looking to gain insight, support, and promotion. Learn More Vendor Member Benefits Connect with Targeted Audience Build relationships with third party risk professionals across industries through direct engagement opportunities, collaborative forums, and curated networking channels. Access Member-Only Insights Stay ahead of industry trends and challenges with exclusive access to community-driven insights, resources, and discussions. Highlight Your Solutions Showcase your tools, services, and innovations to the TPRM community through exclusive presentation and visibility opportunities designed to spark meaningful connections. Share Your Expertise Contribute your knowledge and thought leadership to the broader community through educational content and resource-sharing opportunities. Strengthen Your Brand Presence Enhance your brand recognition across TPRA platforms and communication channels through welcome features, spotlight opportunities, and tailored visibility touchpoints. Promote Events & Opportunities Expand your reach by promoting your relevant events, job openings, and initiatives directly to the TPRA practitioner network. Our Members Why Join? As a TPRA Vendor Member, you are recognized as an organization that believes in the mission of furthering the Third Party Risk Management profession through knowledge sharing and networking . Working together with Practitioners, you are an integral part of building a community that establishes TPRM guidance, resources, and tools, and works to promote the value that TPRM professionals add to their organizations. While the Third Party Risk Association is vendor-agnostic, we absolutely recognize the value our Vendor Members create not only in our profession, but also in the organizations our practitioners represent as well. Vendor Members are invited to leverage the Third Party Risk Association as a platform for increased brand recognition within our industry – we’ll support you with priority sponsorship opportunities , expedited customer support , and our partnership in providing you a voice within the larger TPRM community. Our membership and leadership can also serve as a resource offering unique insights into practitioner pain points and domain-specific challenges to inform your product offerings and prioritize your roadmaps. As we continue to grow, adding to our ever-evolving community of verified TPRM practitioners, the Third Party Risk Association will continue consulting our Vendor Membership for guidance on industry trends , emerging risks , and enhanced program automation effort s. The TPRA looks forward to working with you on furthering the profession of Third Party Risk Management together! INQUIRE ABOUT MEMBERSHIP Ready to Join? If you are looking to move forward with Vendor Membership, complete this form to begin the process! Our team will reach out soon with plan and pricing options. Contact Heather directly using the contact info below. Heather Kadavy Senior Membership Success Coordinator heather.kadavy@tprassociation.org TPRM Service Provider Membership Inquiry Complete this form if you are interested in one of TPRA's Service Provider Membership options (Vendor Membership, Incubator Program, Consultant Catalyst). Our team will reach out to you as soon as possible with further details on plan benefits and pricing. First name* Last name* Job Title* Organization* Email* Phone Which membership option are you interested in? Vendor Membership – For established TPRM Service Provider organizations (TPRM Platform, GRC Platform, Risk Rating/Intelligence Tool, TPRM Services, etc.). Incubator Program – For Start-Up TPRM Service Provider Organizations looking to gain insight, support, and promotion. Consultant Catalyst – For single, Independent Consultants or Boutique Advisory Firms specializing in third-party risk management services. Other Anything else we should know? Submit