
Search Results

357 results found with an empty search

  • TPRM 101: What Is Third Party Risk Management (TPRM)? | TPRA

    VIDEOS: Welcome to the Third Party Risk Association’s new series, Third Party Risk Management 101. This series is informed by our Third Party Risk Management Guidebook, a comprehensive guide for establishing a TPRM program, which will be available to all TPRM professionals in the coming months. This series is meant to be used as a starting point for those that wish to establish, validate, and/or enhance their Third Party Risk Management Program. Each video will walk through one of the six phases of the TPRM Program Life Cycle, which together create a strong TPRM program. But before jumping right into the Life Cycle, it is important we first understand the foundations of third party risk management, including basic definitions, risk types, calculating and evaluating risk, and finally, the basics of addressing risk exposure created by your third parties. "TPRM 101: What is Third Party Risk Management" is Part 1 of this series.

  • TPRM 101: Pre-Contract Due Diligence (PCDD) - Part 1 | TPRA

    VIDEOS: In Part 1 of the Pre-Contract Due Diligence segment of TPRA’s TPRM 101 series, viewers are introduced to the framework for evaluating third-party risk before contract signature. This phase ensures that vendors are capable of meeting your operational, security, and compliance requirements before the relationship becomes formal. Key features include:
      • Overview of the Pre-Contract Due Diligence structure and sections
      • The importance of timing and sequencing risk assessments before onboarding
      • Stakeholders involved in information gathering and validation
      • Introduction to upcoming segments covering risk identification through reporting

  • 5 Tips for Proactively Managing TPRM Regulatory Compliance | TPRA

    INFOGRAPHICS: If you're tired of scrambling for documentation, chasing down vendors for evidence, or rewriting the same compliance answers every exam cycle, this is for you. This one-page infographic is built with real TPRM pain points in mind: inconsistent monitoring, reactive audits, evolving regulations, and the pressure to prove your program’s worth with limited resources. It distills five actionable strategies into a visual format you can actually use—with your stakeholders, during training, or as a north star for revamping your vendor oversight. You’ll find guidance on mapping regulations, upgrading due diligence, monitoring with intention, and embedding compliance into your daily operations, not just during audit season. Because real TPRM maturity isn’t about checking boxes—it’s about building a program that works when things go wrong. This infographic helps you start there. Perfect for sharing with your team, your boss, or anyone who still thinks compliance is a once-a-year event.

  • Third Party Risk Management (TPRM) 101 Guidebook | TPRA

    EBOOKS: TPRA’s TPRM 101 Guidebook is the most comprehensive, practitioner-built guide available for third-party risk professionals today. Developed over three years with input from experienced practitioners, subject matter experts, and service providers, this 150+ page resource is designed to meet you where you are—whether you're launching a new program or enhancing a mature one. The guidebook walks you through the entire TPRM lifecycle, providing not just theory but practical guidance you can implement immediately. With clarity and depth, it helps you build a program that’s not only compliant but resilient, scalable, and respected by leadership. Key features include:
      • Step-by-step guidance across all TPRM lifecycle stages: planning, onboarding, risk assessment, monitoring, offboarding, and more
      • Practical tools and templates for risk scoring, due diligence, contract reviews, and performance monitoring
      • Real-world examples and use cases to help translate concepts into action
      • Checklists and best practices you can apply directly to your current processes
      • Tips for program enhancement, including scaling, cross-functional alignment, and regulatory mapping
      • Insights from the TPRM community, including what’s working (and not working) across industries
      • Alignment with regulatory expectations and common frameworks, from banking and healthcare to tech
    If you’ve ever struggled to find clear, actionable guidance in a rapidly evolving risk environment, this guidebook was made for you. Built by the community, for the community, the TPRM 101 Guidebook isn’t just a resource. It’s your foundation for confident, proactive third-party risk management.

  • Leadership Ladders | TPRA

    TRAINING ACTIVITY: Originally developed by TPRA's Women in TPRM "Lead" work group, this training activity is designed for all current and aspiring leaders within the Third Party Risk Management (TPRM) industry. Each box on the board is linked to a valuable resource–including customized guides, blogs, videos, quizzes, and more–with the goal of enhancing your leadership potential through buildable skills and expert insights. Designed to first develop your core competencies as a leader, the board will then lead you through other scenarios that current and new leaders will face. Any professional, regardless of what stage they're at in their career, can find value in this activity.

  • Establishing Accountability in Third Party Risk Management | TPRA

    INFOGRAPHICS: This resource, Establishing Accountability in Third Party Risk Management (TPRM), provides a concise yet powerful framework for embedding accountability into TPRM programs. Built around the Three Lines of Defense model introduced by the Institute of Internal Auditors (IIA), the guide highlights how operational management, risk/compliance functions, and internal audit each play a distinct but interconnected role in protecting the organization from third-party risks. It outlines:
      • First Line (Operational Management): Frontline teams managing vendors and risks directly.
      • Second Line (Risk Management & Compliance): Dedicated teams ensuring oversight, building policies, and supporting consistent risk management practices.
      • Third Line (Internal Audit): Independent assurance to evaluate effectiveness, verify compliance, and recommend improvements.
    The resource emphasizes that effective TPRM is not just about tools and processes, but about making accountability part of organizational culture. With clear responsibilities and a strong governance structure, TPRM professionals can drive transparency, reduce risk exposure, and enhance resilience. This downloadable guide is designed for any TPRM practitioner seeking a quick-reference tool to strengthen accountability within their programs.

  • TPRM 101: Reporting on Residual Risk | TPRA

    VIDEOS: The final section of Pre-Contract Due Diligence, Reporting on Residual Risk, focuses on translating your risk findings into clear, actionable insights for approvers and stakeholders. This episode of TPRM 101 covers how to articulate the remaining (unmitigated) risk and ensure informed decisions are made before a third party is onboarded. Key features include:
      • Techniques for summarizing complex risk data
      • Report formatting for executive and operational audiences
      • Aligning residual risk with organizational risk tolerance
      • Documentation required for audit, legal, and regulatory purposes

  • Why Automate Sanctions Monitoring? | TPRA

    INFOGRAPHICS: "Why Automate Sanctions Monitoring?" is a one-page infographic that outlines how automation improves the accuracy, speed, and consistency of sanctions screening. It highlights key automation capabilities such as continuous third party monitoring, executive and ownership screening, and automated flagging workflows. These features help organizations stay compliant with evolving global regulations, reduce the burden of manual checks, and quickly identify potential compliance risks. Use this infographic as a reference to better understand where automation fits in your TPRM process and how it can strengthen your overall compliance strategy.

  • TPRM 101: Risk Escalation and/or Acceptance | TPRA

    VIDEOS: Risk Escalation and/or Acceptance is the sixth section of Pre-Contract Due Diligence and a key decision point in the TPRM lifecycle. In this video, TPRA walks through the processes of escalating unresolved risks, determining if exceptions are warranted, and ensuring accountability when accepting residual risks. Key features include:
      • Governance and approval workflows for risk acceptance
      • Exception management criteria and documentation
      • How to involve senior leadership or risk committees
      • Balancing business needs with regulatory and ethical obligations

  • TPRM 101: Contract Review | TPRA

    VIDEOS: The third video in TPRA’s TPRM 101 series covers the Contract Review phase—an essential part of the third-party risk lifecycle that ensures business expectations are clearly defined, legally enforceable, and aligned with risk and compliance requirements. Key focus areas include:
      • Identifying which contract clauses support TPRM controls
      • Ensuring enforceability of risk and performance requirements
      • Aligning terms with legal, regulatory, and operational obligations
      • Collaboration between procurement, legal, and risk stakeholders
      • Documenting rights related to audits, data use, termination, and reporting

  • TPRM 101: Risk Identification | TPRA

    VIDEOS: Risk Identification is the fourth section of the Pre-Contract Due Diligence phase in the TPRM lifecycle. This video explores how to identify and categorize risks associated with third-party engagements—before contracts are signed and services begin. Key features include:
      • Techniques for gathering data and documentation from vendors
      • Risk domains to evaluate (e.g., information security, financial viability, compliance)
      • How to align findings with business expectations and regulatory exposure
      • Common red flags and how to investigate them further

  • TPRM 101: Program Planning & Oversight | TPRA

    VIDEOS: In the second video of TPRA’s TPRM 101 series, we dive into Program Planning & Oversight, the first and most critical phase of the TPRM lifecycle. This phase equips your organization with the structural, strategic, and procedural requirements to launch and sustain an effective TPRM program over time. Key focus areas include:
      • Establishing governance structures and program ownership
      • Aligning TPRM with enterprise risk management goals
      • Identifying internal stakeholders and their responsibilities
      • Setting foundational policies, procedures, and standards
      • Building a scalable oversight framework to support ongoing vendor risk efforts
