top of page

Search Results

391 results found with an empty search

  • HITRUST | Vendor Member Profile

    Learn more about HITRUST, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > HITRUST TPRM Services Advocate Member CONTACT INFORMATION marketing@hitrustalliance.net HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 60 standards and frameworks, the company's threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 17 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance. TOP PRODUCT FUNCTIONALITY CATEGORIES Third-Party Risk Management Assessment & Assurance Framework & Standards Integration Certification & Validation Continuous Monitoring & Updates Reporting & Analytics Corrective Action Plans Remediation Tracking RESOURCES FROM THIS VENDOR MEMBER Transforming Vendor Risk Management: The Business Impact of HITRUST Assurance VENDOR MEMBER RESOURCE | February 19, 2026 HITRUST TPRM infographic VENDOR MEMBER RESOURCE | February 19, 2026 Redefining Third-Party Risk Management with the HITRUST Validated Assurance VENDOR MEMBER RESOURCE | February 19, 2026 Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES Introducing the HITRUST Assessment XChange Integration with ServiceNow August 21, 2025 ADDITIONAL OPPORTUNITIES Previous Next

  • Quotable Women | TPRA

    Learn from inspiring women leaders on topics like women in business, balancing work and home life, carving out space for yourself in professional and personal settings, and so much more! All Categories Previous Category Next Category Quotable Women Filter by Resource Type Blogs & Articles Book Ted Talk Video Found 6 Blogs & Articles Top 10 Most Influential People in Risk and Compliance to Follow in 2025 Jennifer A. Thomason: Mentoring Multiple Generations to Reach Their Full Potential Check It Out Heather Kadavy Friday, August 1, 2025 Video Brené Brown | Do Not Negotiate Who You Are Brené Brown graduated with a doctorate in 2002 from the University of Houston's Graduate College of Social Work. At the Graduate College of Social Work at the University of Houston, she started out as a research professor. Her studies emphasize sincerity and genuine leadership. COURAGE works and Brave Leaders Inc. are both run by her as founder and CEO. Numerous teaching honors have been bestowed upon her. The Gifts of Imperfection, Daring Greatly, and Rising Strong are three of her books that have reached #1 on the New York Times bestseller list. On PBS, NPR, TED, and CNN, she and her work have been highlighted. Moreover, she runs The Daring as CEO. Check It Out Meghan Schrader Friday, September 22, 2023 Ted Talk Luvvie Ajayi Jones | Author, Speaker, & Entrepreneur Luvvie Ajayi Jones is a three-time New York Times bestselling author, speaker and entrepreneur who thrives at the intersection of culture, business and leadership. Her critically acclaimed books Professional Troublemaker: The Fear-Fighter Manual (2021) and I’m Judging You: The Do-Better Manual (2016) were instant bestsellers and established her as a literary force with a powerful pen (luvvie.org/). Her renowned TED talk “Get Comfortable with Being Uncomfortable” has over 8.3 million views, has been transcribed into 23 languages, and has placed her in the Top 1% of TED Talks of all time. Luvvie has taken the stage at some of the world’s most innovative and disruptive brands, such as Google, Facebook, Microsoft, Twitter, Spotify, Nike, Bank of America, Salesforce, Deloitte, and Clif Bar. She’s been a featured speaker at noted conferences such as: Cannes Lions, SXSW, Leadercast, 3% Conference, and MAKERS Conference (luvvie.org/). Check It Out Meghan Schrader Wednesday, November 1, 2017 Blogs & Articles Elsa Goutveniger: The Go-to Person for Risk Management, Compliance, and Insurance Top 10 Most Influential People in Risk and Compliance to Follow in 2025 Check It Out Heather Kadavy Friday, August 1, 2025 Ted Talk Reshma Saujani, Founder of Girls Who Code Reshma Saujani is an American lawyer, activist, author, and the founder of Girls Who Code, a nonprofit organization dedicated to closing the gender gap in technology. A lifelong advocate for women and girls, she launched Girls Who Code in 2012 after noticing the glaring lack of female students in computer science classrooms. Reshma began her career as an attorney and political organizer and was the first Indian-American woman to run for U.S. Congress in 2010. Though she didn't win the seat, her campaign inspired her to dedicate her life to empowering young women through access to STEM education and leadership opportunities. She is the bestselling author of "Brave, Not Perfect", which challenges societal expectations of perfection and encourages women to take risks and embrace imperfection. Reshma also hosts the Brave, Not Perfect podcast and has delivered a widely viewed TED Talk on the same topic. A graduate of the University of Illinois, Harvard’s Kennedy School of Government, and Yale Law School, Reshma continues to be a leading voice on women’s economic empowerment, education equity, and the future of work. Check It Out Tuesday, February 5, 2019 Book Mel Robbins | Author, Speaker, Podcast Host The secret to changing your life isn't knowing what to do - it's knowing how to make yourself do it. The 5 Second Rule is the secret to changing anything about your life. You can use the Rule and its countdown method to break any bad habit, interrupt self-doubt and negative self-talk, and push yourself to take the actions that will change your life. Check It Out Meghan Schrader Tuesday, February 28, 2017

  • Women Lead | Sophie Bennett

    Learn about Sophie Bennett, Previously: VP, Vendor Management for Lloyds Bank, and TPRA's WNTPRM June 2024 Leader Spotlight. < See All < Previous Next > Sophie Bennett Previously: VP, Vendor Management Lloyds Bank Biography I am a professional specializing in Third-Party Risk Management. My unique global perspective has been shaped by 10 years working across UK, the Philippines and New York (7 years). My background in procurement, supplier assurance, and supplier management equips me to deliver effective results. I am deeply committed to meeting internal needs while adeptly managing evolving external risks in a fast-paced environment. At Lloyds Bank North America I was responsible for overseeing around 300 vendor relationships! Leadership Characteristics Leading with kindness and empathy. Diversity and inclusion can underpins success! Leadership Challenges I arrived to New York from London more than seven years ago where I built up the procurement and supplier assurance policies and procedures for Lloyds Bank North America. Key Take-a-ways My favorite aspect of TPRM is that it is ever-evolving! Fun Fact I've featured as an extra in Law and Order: Special Victims Unit

  • TPRM 101 GUIDEBOOK | TPRA

    The Third Party Risk Association (TPRA) is excited to bring you the first comprehensive, third Party Risk Management (TPRM) program guidebook. This guidebook will walk you through all phases of the TPRM lifecycle, in detail, and provide you with practical tools, tips, and examples for its implementation. It was developed over the course of three years from the input of numerous TPRM Practitioners, subject matter experts, and TPRM Service Provider organizations. Top of Page Third Party Risk Management 10 1 Guidebo ok The Third Party Risk Association (TPRA) is excited to bring you the first comprehensive, Third Party Risk Management (TPRM) program guidebook. This guidebook will walk you through all phases of the TPRM lifecycle, in detail, and provide you with practical tools, tips, and examples for its implementation. It was developed over the course of three years from the input of numerous TPRM Practitioners, subject matter experts, and TPRM Service Provider organizations (i.e., the Third Party Risk Management Community). We hope you find this guidebook to be helpful and easy to understand, providing you with relevant tips and examples to ensure successful implementation and/or enhancement of your current TPRM program. Download Now! Leave a Review download Submit the form below to get your FREE copy of our eBook! First name Last name Title Organization Email Submit Downloaded by over 1,000 TPRM professionals! Reviews Please feel free to write a review below!

  • Eric Rosendaul | Citizens Bank

    Get to know Eric Rosendaul, Citizens Bank, and a member of TPRA's Board of Directors! < Back Eric Rosendaul Citizens Bank BOARD OF DIRECTORS I am currently a Team Manager within Third Party Assurance at Citizen's Bank. I've been with the bank 5+ years, having started in 2020 as a Sr. Analyst, then promoted in 2023 to a Team Manager. I currently lead a team of cyber and operational risk analysts which will soon expand to include compliance analysts in 2026. Prior to Citizens, I spent 6 years with Alliance Data Systems (now Bread Financial). I started out in the Legal department before quickly moving to their Vendor Management Office, where I quickly worked my way up from low risk assessments to the most critical, built a 4th party management program, and eventually a 2LOD program with the bank directly. I've worked fully remote since 2016 when my wife and I relocated from Columbus, OH to NW Ohio where we currently reside with our 3 kids, 2 dogs, 2 cats, 2 horses, and some chickens. We enjoy camping as a family and I have recently picked up side interest in watches. Next >

  • Women Lead | Darla Graff

    Learn about Darla Graff, Third Party Risk Manager for Erie Insurance, and TPRA's WNTPRM May 2024 Leader Spotlight. < See All < Previous Next > Darla Graff Third Party Risk Manager Erie Insurance Biography Third Party Risk and Cybersecurity leader with experience in building and managing comprehensive and effective Third Party Risk Management programs and high-performing teams. Over 25 years of experience across multiple domains including third party risk management, cybersecurity, privacy, business resiliency, IT, regulatory compliance (PCI, HIPAA, SOX, NYDFS) and IT audit. Certifications: CISM, CISA, CRISC, CDPSE, CTPRP, CTPRA. Leadership Characteristics Passionate, enthusiastic, collaborative, and inclusive. Effectively manages by empowering others, strategic and forward thinking, and through risk-based decision-making. Leadership Challenges Maintaining strategic alignment of the Third Party Risk Management program with the rapid advancement and growth of the business, innovation, and technology, while simultaneously optimizing the processes to assess, monitor and reduce risks related to the use of third parties. Key Take-a-ways Third Party Risk Management has been a dynamic and rewarding career, with opportunities to make a positive impact. It requires a unique skillset that combines strong communication skills, business knowledge, collaboration, with an in-depth understanding of emerging risks, threats, and new technology, which keeps the work interesting and challenging. Also requires specialized technical knowledge and competency in multiple risk domains including risk management, cyber security, privacy, and business resiliency. Third Party Risk Management continues to increase in importance and often the largest risk to organizations as they continue to increase their dependency on third parties by outsourcing business operations, which provides visibility at the top of the organization including the Board of Directors. Fun Fact "I am a fine art, nature, and wildlife photographer operating my own business. My photographic art is available for purchase at local galleries, art exhibits, and my website."

  • Mentorship | TPRA

    Recently joined a mentorship program or considering joining? Review these resources to ensure your experience is a success! All Categories Previous Category Next Category Mentorship Filter by Resource Type Blogs & Articles Podcast Ted Talk Found 6 Podcast Working Women Mentor Podcast The Working Women Mentor Podcast shines a spotlight on Women Owned Businesses, Women In Business, and Women Business Support. Check out our previous work on the Cracking The Female Business Code series! Recognized as Top 100 Career Minded And Working Women Podcasts Check It Out Meghan Schrader Friday, May 2, 2025 Blogs & Articles Reverse Mentoring – Why it is a must-have in 2023 Reverse mentoring is a practice where younger or less experienced employees are paired with more experienced executives or managers to share knowledge and insights. But it requires the right setting and a work culture where opinions and feedback are welcomed, and it needs to be structured properly to work well and to empower and develop learning. It usually works best in larger or siloed organisations where there is usually less mixing across the hierarchy or where the team is geographically not in the same space or spread apart. Check It Out Meghan Schrader Monday, May 1, 2023 Ted Talk 5 Questions to Ask a Mentor Valorie Burton is the author of thirteen books on personal development, founder of The Coaching and Positive Psychology (CaPP) Institute and an international speaker on resilience and happiness. She has spent more than 15 years studying the research of resilience, positive emotion and courage – and implementing it in her own life and with hundreds of clients from a dozen countries and nearly every state in the US. Her books include, It’s About Time, Successful Women Think Differently, Brave Enough to Succeed, among others. Check It Out Meghan Schrader Saturday, March 4, 2017 Blogs & Articles 35 Questions Mentors Should Ask Their Mentees Wondering what questions you should ask your mentee? This article outlines 27 of them, all of which will help you build a meaningful mentoring relationship that leads to growth. Check It Out Meghan Schrader Tuesday, May 23, 2023 Blogs & Articles What Efficient Mentorship Looks Like When we’re feeling drained, mentoring is one of the tasks that tends to fall by the wayside. But mentors don’t have to burn themselves out to be helpful and effective. This approach, called “fuel-efficient mentoring” by the authors, suggests how to be a mentor in an efficient manner that benefits mentees, growing their confidence and their network, but also conserves your energy. First, define boundaries and expectations, recognizing your own preferences; second, set a time budget that mentees can draw on; third, reconsider how you structure meetings with mentees and try group conversations; fourth, try virtual meetings; and finally, look for ways to turn other commitments, such as professional events, into mentoring opportunities. Check It Out Meghan Schrader Tuesday, August 25, 2020 Ted Talk How to Get a Mentor Mentoring and career expert, Professor Ellen Ensher, Ph.D., discusses tips on how to get a mentor during a TEDx talk at Loyola Marymount University in Los Angeles, CA. (http://www.ellenensher.com ). For more on this subject, and other tips on mentoring and careers, visit: http://www.ellenensher.com Check It Out Meghan Schrader Monday, June 10, 2013

  • Women Lead | Raquel Wilson

    Learn about Raquel Wilson, Third Party Risk, Senior Analyst for DocuSign, and TPRA's WNTPRM December 2023 Leader Spotlight. < See All < Previous Next > Raquel Wilson Third Party Risk, Senior Analyst DocuSign Biography Raquel's career started at DocuSign's Vulnerability Management team where she learned about how DocuSign did security. She then worked on the Compliance team, where she learned about security best practices and industry standards. The last five years, she has been in Third Party Risk Management, where she has learned about how many different companies handle security. Leadership Characteristics Clifton Strengths: Consistency, Discipline, Harmony, Futuristic, & Significance. Leadership Challenges Raquel has overcome everything life has thrown at her with teamwork, adaptability, resiliency, and focusing on simplicity. Key Take-a-ways "My favorite aspect of TPRM is being able to work with many different vendors and internal teams, everyday is something new!" Fun Fact Raquel has a small business, selling whipped tallow balm because she and her children suffered from embarrassing keratosis pilaris. Since she's discovered the incredible impact of tallow, she has seen a remarkable transformation and started selling her own homemade whipped tallow balm. (roxy.shop )

  • PromptArmor | Vendor Member Profile

    Learn more about PromptArmor, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > PromptArmor Risk Ratings/Intelligence Advocate Member CONTACT INFORMATION Shankar Krishnan Director shankar@promptarmor.com (908) 397-0919‬ PromptArmor enables TPRM teams to assess and continuously monitor the risk from AI in vendors. Their risk assessments let teams dive deeper into a vendor's AI risk with actionable control recommendations, vendor-specific questions, and mappings to top AI security frameworks. They're trusted by top organizations from the Fortune 100 to the AM Law 100, including top 10 global law firms. TOP PRODUCT FUNCTIONALITY CATEGORIES Continuous Monitoring of AI in Vendors Risk Intelligence of AI in Vendors Risk Ratings of AI in Vendors Threat Intelligence for AI Risk Quantification of AI Mapping to Top Frameworks (e.g. OWASP LLM Top 10) RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

  • SecurityScorecard | Vendor Member Profile

    Learn more about SecurityScorecard, a TPRA Partner Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > SecurityScorecard TPRM Platform Principal Member CONTACT INFORMATION events@securityscorecard.io SecurityScorecard is the global leader in cybersecurity ratings and the creator of Supply Chain Detection and Response (SCDR) — a new category of solutions helping organizations proactively secure their third-party ecosystems. Our flagship managed offering, MAX, goes far beyond traditional risk assessments. MAX continuously monitors your vendor landscape, prioritizes threats using breach likelihood models, and works directly with vendors to remediate vulnerabilities — all backed by human expertise from our Virtual Risk Operations Center (VROC). SecurityScorecard empowers organizations to gain visibility, reduce vendor risk, and respond to cyber threats before they become breaches. Whether you're a CISO needing executive-level risk reporting, a TPRM leader seeking operational scale, or a SOC team focused on real-time threat intel — SSC delivers outcomes, not just scores. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Supply Chain Detection and Response (SCDR) – SSC pioneered this category to help organizations proactively defend against third-party threats. Security Ratings – Industry-leading, continuously updated A–F ratings for over 12 million organizations worldwide. Real-Time Vendor Threat Detection – Detect and respond to supply chain cyber threats in real time, not after the fact. Managed Remediation with MAX – Expert-led third-party risk mitigation that reduces time, effort, and talent strain. Automated Assessments & Questionnaires – Validate responses and reduce vendor assessment fatigue by up to 83%. Zero-Day Threat Intelligence – Proprietary data collection and threat signal correlation to identify and alert on emerging vulnerabilities. Compliance & Regulatory Mapping – Align third-party programs with NIST, ISO, PCI-DSS, FFIEC, and more. Attack Surface & Vulnerability Intelligence – Uncover exploitable weaknesses across vendors and internal environments. Board-Level Reporting & Risk Quantification – Communicate cyber risk in business terms with trends, ROI insights, and threat likelihood models. Third-Party Risk Program Development – Services to mature or operationalize TPRM programs for organizations at any stage. RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES SecurityScorecard Included on the 2025 Inc. 5000 List of America’s Fastest-Growing Private Companies for the 2nd Time August 12, 2025 ADDITIONAL OPPORTUNITIES Previous Next

  • Trust Portal | TPRA

    A practical, industry-standard developed collaboratively by leading TPRM service providers and TPRA, to support third parties in building Trust Portals that enable proactive due diligence. Standard Trust Portal Guidance for Third Party Risk Management (TPRM) The Third Party Risk Association (TPRA), in partnership with leading third party risk management service providers, is pleased to provide TPRM professionals with the Standard Trust Portal Guidance for Third Party Risk Management (TPRM) . Definition A Trust Portal is a centralized hub that provides transparent, self-service access to security, compliance, privacy, and governance information pertaining to the (third party) organization. It enables prospects and customers to review security posture instantly, allowing TPRM practitioners to more easily and quickly evaluate the effectiveness of a third party's control environment. About the Guidance The Trust Portal Guidance establishes a standardized, industry-aligned approach to due diligence, reducing assessment effort through the creation and ongoing maintenance of transparent, evidence-based trust portals. The guidance aims to empower practitioners, vendors, regulators, and platform providers to align around a single, trusted model that reflects industry expectations and best practices for transparency, efficiency, and responsible evidence sharing. It also supports AI-driven TPRM technologies by standardizing evidence formats for automated review and analysis. How to Use it The Standard Trust Portal Guidance is intended to be shared by practitioners with their third parties and supply chain vendors as a practical resource to support the development, enhancement, and consistent operation of trust portals. This in-turn helps to standardize how security, risk, and compliance information is communicated to practitioners and TPRM service providers. By encouraging third parties to align with this guidance, practitioners can reduce friction in due diligence, improve transparency, and accelerate access to reliable information. Broad adoption across the industry will create a more consistent and scalable model for information sharing, ultimately making third party risk management more efficient for everyone involved. Benefits of a Trust Portal PRACTITIONERS Reduces questionnaire fatigue, improves review quality, and saves time through standardized, AI-friendly evidence formats. VENDORS/THIRD PARTIES Demonstrates maturity and transparency; less time answering one-off questionnaires. REGULATORS Encourages uniformity and accountability in demonstrating control effectiveness. SERVICE PROVIDERS Provides a shared framework to enable AI and automation in TPRM workflows. Download Now → This resource is in DRAFT and is currently open for comment . The comment period is from Monday, May 4th, to the end of business day on Friday, July 3rd. Once all comments are reviewed and edits are made to the document, a final version of the guidance will be released to the public. Please use the form linked below to submit comments. Submit Comments Download this Resource The Standard Trust Portal Guidance for TPRM First name Last name Position Company name Email* Yes, subscribe me to TPRA communications. Submit A link to download the resource will appear below once you submit. Trust Center Pillars TRANSPARENCY Open, accessible trust data for responsible risk decisions. EFFICIENCY Automated, reusable evidence. TRUST Verified information driving stronger partnerships. INNOVATION Enabling AI-ready, proactive due diligence. Acknowledgements & Contributors Thank you to the following organizations, which contributed perspectives and subject matter expertise to help shape this guidance (displayed in alphabetical order): Open for Comments Collaboration is at the heart of everything we do. With that in mind, we invite industry professionals to share comments and insights on this resource so we can continue to improve it for the benefit of the TPRM field. Submit Comments Open until July 3, 2026

  • Women Lead | Madiha Fatima

    Learn about Madiha Fatima, Director, Head of Third Party Risk Management for Angelo Gordon, and TPRA's WNTPRM March 2023 Leader Spotlight. < See All < Previous Next > Madiha Fatima Director, Head of Third Party Risk Management Angelo Gordon Biography Madiha Fatima is a Director and Head of Third Party Risk Management at Angelo Gordon, where she leads the development of Third Party Risk Management framework while enabling businesses to achieve their strategic objectives from utilizing service providers. Angelo Gordon is a leading global investment management firm headquartered in New York. Madiha oversees the firmwide Third Party Risk Management function including vendor cyber, technology, business continuity and data security assessments and governance. Madiha is a very well-known industry expert in risk management. She has been featured as Top 50 Women Leaders of New York as well as in Wall Street Journal and published in various magazines. Prior to joining Angelo Gordon, Madiha Fatima served as Head of Third Party Risk Governance & Oversight at DTCC. Madiha is a Certified Third Party Risk Professional (CTPRP). Madiha earned a Bachelor of Science in Financial and Capital Markets from Rutgers Business School. Leadership Characteristics D&I champion, Madiha launched various programs focused on women advancement in financial industry. She has been recognized and awarded the outstanding leadership award by Financial Industry awards hosted by DTCC and FICC. Leadership Challenges Madiha worked her whole career in a challenging environment showcasing her resilience by her continuous achievements throughout her career. She is one of the Top 20 youngest executives and rising stars of wall street. Key Take-a-ways "TPRM is one function where you have to be an expert in several different areas of risk management, strategy and operations to be successful. TPRM leaders are versatile and can provide effective leadership in many different areas due to their ability of being jack of all trades whether its cyber, regulatory, BCM or info sec, we challenge and do it all." Fun Fact "TPRM is the fun part about me; however, if I have to choose one thing outside my passion for TPRM, it would be cooking. I love cooking and find it very relaxing. I love trying different cuisines and from-scratch recipes."

bottom of page