Search Results

< Previous View Resource Library Next > VIDEOS TPRM 101: Risk Remediation In this segment of TPRM 101 , TPRA explores Risk Remediation , the fifth section of the Pre-Contract Due Diligence phase. This video guides you through the process of documenting discovered risks, creating mitigation plans, and collaborating with vendors to close gaps—before a contract is signed. Key features include: How to structure risk remediation plans Documentation strategies that support audit readiness Communication and negotiation best practices with vendors Ensuring mitigation aligns with business and regulatory expectations WATCH

< Previous View Resource Library Next > INFOGRAPHICS Creating a TPRM Budget "Creating a TPRM Budget" is a one-page infographic that provides a sample budget format to help risk management teams build and present a clear, effective budget. It outlines the essential components of a TPRM budget, including cost avoidance, operational resilience, return on investment (ROI), measurable key performance indicators (KPIs), and multi-year forecasting. By using this framework, organizations can showcase the value of their TPRM program, align with strategic goals, and gain executive buy-in for future investments. Download the infographic to use as a quick reference and support your next TPRM budget presentation. DOWNLOAD

< Previous View Resource Library Next > VIDEOS TPRM 101: What Is Third Party Risk Management (TPRM)? Welcome to the Third Party Risk Association’s new series, Third Party Risk Management 101. This series is informed by our Third Party Risk Management Guidebook, a comprehensive guide for establishing a TPRM program, which will be available to all TPRM professionals in the coming months. This series is meant to be used as a starting point for those that wish to establish, validate, and/or enhance their Third Party Risk Management Program. Each video will walk through one of the six phases of the TPRM Program Life Cycle, which together create a strong TPRM program. But before jumping right into the Life Cycle, it is important we first understand the foundations of third party risk management , including basic definitions, risk types, calculating and evaluating risk, and finally, the basics of addressing risk exposure created by your third parties. "TPRM 101: What is Third Party Risk Management" is Part 1 of this series. WATCH

Learn about TPRA's current certifications, specifically designed for third party risk professionals! Earn the Gold Standard in Third Party Risk Management (TPRM) Certification The Third Party Risk Association (TPRA) is proud to offer a professional certification program tailored specifically for third party risk management (TPRM) professionals. This comprehensive certification is designed to validate your expertise, enhance your professional credibility, and position you as a leader in the evolving field of TPRM. Why Get Certified by TPRA? 1. Industry Recognition TPRA’s certification is recognized as a mark of excellence in TPRM. By earning this credential, you demonstrate your advanced knowledge, practical skills, and commitment to upholding best practices in managing third party risks. 2. Career Advancement Certification opens doors to new career opportunities, promotions, and increased earning potential. Employers value certified professionals for their ability to mitigate risks effectively and safeguard organizational resilience. 3. Comprehensive Learning Our certification program encompasses all critical aspects of TPRM, including risk assessment, regulatory compliance, vendor lifecycle management, and emerging risks. You’ll gain actionable insights to tackle real-world challenges with confidence. 4. Networking Opportunities Joining the ranks of TPRA-certified professionals connects you to a growing community of TPRM leaders. Engage in exclusive forums, industry events, and peer discussions that enrich your professional journey. 5. Staying Ahead of the Curve As third party risk landscapes evolve, TPRA certification ensures you stay updated with cutting-edge practices and emerging trends, maintaining your relevance in the field. Who Should Pursue Certification? Third party risk practitioners seeking to validate their expertise Risk management professionals aiming to specialize in TPRM Compliance, procurement, and information security specialists Managers and leaders overseeing vendor and supply chain risks How to Get Certified Prepare: Enroll in TPRA’s tailored preparation courses and access study resources designed to help you master the certification material. Qualify: Meet eligibility requirements based on professional experience and education. Examination: Pass the comprehensive TPRA Certification Exam to showcase your mastery of TPRM principles and practices. Maintain: Keep your certification current by participating in continuing education opportunities and staying engaged with TPRA activities. Benefits Beyond Certification By earning TPRA certification, you not only strengthen your personal expertise but also contribute to raising the standards of the TPRM profession. Certified professionals are equipped to create safer, more resilient organizations in an interconnected world. Take the Next Step Elevate your career and join the ranks of the most trusted TPRM professionals in the industry. Explore TPRA’s certification program today and start your journey toward excellence in third party risk management! Certifications We Offer More Coming Soon! Third Party Cyber Risk Assessor (TPCRA) Certification Learn More In order to maintain your certification status, earners must participate in 20 hours of Continuing Professional Education (CPE) per year. On an annual basis, earners will be required to renew their certification ($100 for Standard, Vendor, and Non-members OR $85 for Premium Members) and submit evidence of at least 20 hours of credits. Renew Your Certification TPRA has partnered with Credly Digital Credentials to provide you with your certification designation that can be shared via your social media platforms. Learn more about Credly Digital Credentials, what to expect, how to accept and access your Digital Credentials, and how to share! Learn More

Learn about Corina Reymer, AVP, Information Security for The Walt Disney Company / Partners Federal Credit Union, and TPRA's WNTPRM December 2025 Leader Spotlight. < See All < Previous Next > Corina Reymer AVP, Information Security The Walt Disney Company / Partners Federal Credit Union Biography Corina worked passionately for 24 years at Rockwell Automation in enterprise application lifecycle, global process and organizational transformation, IT portfolio management for HR, Finance, and the Office of the General Counsel. She left IT to form the Third Party Risk program in the Office of the CISO. Her second career pivot was into the Legal team as Privacy and Cyber Law Program Manager, where she launched the all-new Office of Privacy and Cybersecurity Counsel (OPCC) with the Chief Privacy Officer. Finally, she accepted her current position as AVP of Information Security at The Walt Disney Company within its federal credit union. Leadership Characteristics I possess an iD style according to the Everything DiSC Management Profile. This style means that I am primarily Influential yet leaning heavily towards Drive. My priorities are listed as Action, Encouragement, and Drive, and I fully agree! However, my personality also stretches into Collaboration and Objectivity which is noted as atypical for my style and I feel necessary for influential positions. Leadership Challenges Career pivots are critical to being a great leader. Being able to understand multiple perspectives strengthens your partnerships and increases your value. RESULTS through RELATIONSHIPS. This includes your internal and third party relationships to build trust, enable efficient processes, and foster effective communication. Key Take-a-ways You learn the most when you are uncomfortable. When you are too comfortable, welcome change to enable further growth. This applies to everything in life, but specific to this conversation, how comfortable you are with the maturity of your programs. Fun Fact I reside in Mequon, Wisconsin, with my husband, two children, and four canines. I am a champion French Bulldog breeder. I love doing taxes. I love change. I love negotiating contracts, building or rebuilding programs, and other impactful and influential efforts.

Leverage this list of third party risk management service providers in various categories to find the right vendor for your needs. TPRM Tools At the Third Party Risk Association, we know that finding the right vendor for your needs can be a challenge. Often, organizations may not even be aware of the potential vendors in the space. We're aiming to compile an exhaustive list of TPRM vendors across various categories to make your life a little easier. This list of TPRM Vendors is not affiliated with the TPRA, and the TPRA does not receive any monetary gain from listing them below. If you are a TPRM Vendor and would like to be included in the list below, please email Heather Kadavy at heather.kadavy@tprassociation.org . Filter by Category Select Category Filter by TPRA Membership Select Status Search by Organization Select Organization Number found: 139 Search Clear Filters Category Name TPRA Member? URL GRC Platform 360Factors Inc No https://www.360factors.com GRC Platform Acuity Risk Management No http://acuityrm.com GRC Platform Archer Integrated Risk Management No https://www.archerirm.com/third-party-governance GRC Platform AuditBoard No https://auditboard.com/contact-us/request-demo?utm_medium=tooklist&utm_source=tpra&utm_content=cta GRC Platform CoreStream No http://corestreamplatform.com GRC Platform DVV Solutions TPRM No https://www.dvvs.co.uk GRC Platform Diligent No https://www.diligent.com/ GRC Platform Ethico No http://www.ethico.com GRC Platform LogicGate No http:// https://www.logicgate.com/solutions/third-party-risk-management/ GRC Platform LogicManager No https://www.logicmanager.com/ GRC Platform MetricStream No https://www.metricstream.com GRC Platform Navex No https://www.navex.com/en-us/products/navex-irm-integrated-risk-management/third-party-risk-management/ GRC Platform Onspring No https://onspring.com/solutions/governance-risk-compliance/third-party-risk-management/ GRC Platform OpenPages GRC by IBM No https://www.ibm.com/products/openpages-with-watson?utm_content=SRCWW&p1=Search&p4=43700070084211913&p5=p&gclid=f61d865decc71a305683e4bf26ab6b2c&gclsrc=3p.ds GRC Platform Reasonable Risk No https://www.reasonablerisk.com/ GRC Platform RiskOptics formerly Reciprocity No https://reciprocity.com/ GRC Platform SAI 360 GRC No https://www.sai360.com/ GRC Platform SAP Risk Management No https://www.sap.com/products/financial-management/risk-management.html GRC Platform ServiceNow GRC No https://www.servicenow.com/products/governance-risk-and-compliance.html GRC Platform Standard Fusion No https://www.standardfusion.com/ GRC Platform TutelaSolutions No https://www.tutela-solutions.com/ Research & Educational Community Cloud Security Alliance (CSA) Yes https://cloudsecurityalliance.org/ Research & Educational Community Dynamic Standards International (DSI) Yes https://dsi.org/about Research & Educational Community FAIR Institute Yes https://www.fairinstitute.org Research & Educational Community Global Resilience Federation (GRF) Yes https://www.grf.org/ Research & Educational Community High Risk Education Yes https://www.highriskeducation.com/ Research & Educational Community High Risk Education No https://www.linkedin.com/company/highriskeducation/posts/?feedView=all Risk Ratings/Intelligence Argos Risk No https://argosrisk.com Risk Ratings/Intelligence Bitsight Yes https://www.bitsight.com Risk Ratings/Intelligence Black Kite Yes https://blackkite.com/ Risk Ratings/Intelligence Blackwired Pte Ltd No https://www.blackwired.com Risk Ratings/Intelligence BreachSiren Yes https://breachsiren.com Risk Ratings/Intelligence Continuity Strength Yes https://continuitystrength.com/corporate-support Risk Ratings/Intelligence Cybercert.ai No https://cybercert.ai Risk Ratings/Intelligence Cyberwrite No https://www.cyberwrite.com/ Risk Ratings/Intelligence Dark Sky Technology, Inc. No http://www.darkskytechnology.com Risk Ratings/Intelligence Dun & Bradstreet No https://www.dnb.com/solutions/manage-supplier-risk.html Risk Ratings/Intelligence FortifyData No http://www.fortifydata.com Risk Ratings/Intelligence GRMS | Global Risk Management Solutions No http://www.GlobalRMS.com/Difference Risk Ratings/Intelligence ISS Corporate Solutions No https://www.isscorporatesolutions.com/solutions/security-suite/ Risk Ratings/Intelligence Interos Yes https://www.interos.ai/ Risk Ratings/Intelligence Ionix previously Cyberpion No https://www.ionix.io/ Risk Ratings/Intelligence KHARON No https://www.kharon.com/ Risk Ratings/Intelligence Ncontracts No https://www.ncontracts.com/ Risk Ratings/Intelligence Orpheus Cyber No https://www.orpheus-cyber.com Risk Ratings/Intelligence Owlin No http://www.owlin.com Risk Ratings/Intelligence Panorays No https://www.panorays.com Risk Ratings/Intelligence PromptArmor Yes https://www.promptarmor.com Risk Ratings/Intelligence RapidRatings No https://www.rapidratings.com/ Risk Ratings/Intelligence Recorded Future No https://www.recordedfuture.com Risk Ratings/Intelligence RiskRecon by Mastercard Yes https://www.riskrecon.com Risk Ratings/Intelligence Semantic Visions Yes https://www.semantic-visions.com/ Risk Ratings/Intelligence Sentrisk No https://www.marshmclennan.com/sentrisk.html Risk Ratings/Intelligence Supply Wisdom Yes https://www.supplywisdom.com/ Risk Ratings/Intelligence TRaiCE No https://www.traice.io Risk Ratings/Intelligence Tenchi Security No https://www.tenchisecurity.com/en Risk Ratings/Intelligence The Smart Cube, a WNS company No https://www.thesmartcube.com/solutions/procurement-supply-chain/supplier-risk-intelligence/ Risk Ratings/Intelligence UpGuard No https://www.upguard.com/ Risk Ratings/Intelligence Vendict No https://www.vendict.com/ Risk Ratings/Intelligence Veridion No https://veridion.com/ TPRM Platform Aprovall No https://www.aprovall.com/en/ TPRM Platform Aravo Yes https://www.aravo.com TPRM Platform Atlas Systems Yes https://www.atlassystems.com/solutions/third-party-risk-management TPRM Platform Blue Umbrella No http://www.blueumbrella.com TPRM Platform Censinet No https://www.censinet.com TPRM Platform Certa.ai Yes https://certa.ai TPRM Platform Clarity360 (Kroll) No https://www.krollclarity.com/ TPRM Platform Coverbase Yes https://coverbase.ai/ TPRM Platform Crossword Cybersecurity No https://www.crosswordcybersecurity.com/ TPRM Platform CyberGRX (now ProcessUnity) No https://www.cybergrx.com TPRM Platform DSALTA No https://www.dsalta.com/ TPRM Platform DocuBark Yes https://docubark.com/ TPRM Platform DoubleCheck Software No http://www.doublechecksoftware.com TPRM Platform EthixBase360 (formerly EthixBase) No https://ethixbase360.com/ TPRM Platform Exiger Yes https://www.exiger.com/ TPRM Platform Fabrik Yes https://www.thetrustfabrik.com/ TPRM Platform Findings No https://findings.co/ TPRM Platform Fortress No https://fortress.ai/ TPRM Platform Gatekeeper No https://www.gatekeeperhq.com TPRM Platform GraphiteConnect No https://www.graphiteconnect.com/ TPRM Platform Hellios Information No https://hellios.com/ TPRM Platform Kobalt Labs No https://www.kobaltlabs.com/ TPRM Platform Lema Yes https://www.lema.ai/ TPRM Platform Locktivity Yes https://www.locktivity.com/ TPRM Platform Mirato Yes https://mirato.com/ TPRM Platform MyRiskShield No https://www.myriskshield.com/ TPRM Platform OneTrust Yes https://www.onetrust.com TPRM Platform Perimeter (formally ProcessBolt) No https://perimeter.net/ TPRM Platform Prevalent No https://www.prevalent.net TPRM Platform ProcessUnity Yes https://www.processunity.com TPRM Platform Protecht No https://www.protechtgroup.com/en-us/ TPRM Platform Resilinc No http://www.resilinc.ai TPRM Platform Risk Ledger No https://riskledger.com/ TPRM Platform Safe Security Yes https://safe.security/ TPRM Platform SecurityScorecard Yes https://www.securityscorecard.io TPRM Platform Shift Security No https://www.shift.security/ TPRM Platform Smarsh (formerly Privva) No https://www.smarsh.com/platform/cybersecurity-risk-management/vendor-risk-management TPRM Platform Sphera (formerly RiskMethods) No https://sphera.com/supply-chain-risk-management/ TPRM Platform Start No https://www.startvrm.com/ TPRM Platform TDI No https://tdinternational.com/ TPRM Platform TEKRiSQ Yes http://TEKRiSQ.com TPRM Platform ThirdPartyTrust (a Bitsight company) No https://www.thirdpartytrust.com TPRM Platform Trust Your Supplier No https://trustyoursupplier.com/ TPRM Platform TrustExchange No https://www.trustexchange.com TPRM Platform VISO TRUST No https://www.visotrust.com TPRM Platform Vanta Yes https://vanta.com TPRM Platform Velocity (Stern Security) No https://www.velocitysec.com/ TPRM Platform VendorRisk No https://www.vendorrisk.com TPRM Platform Vendorly No https://www.vendorly.com/ TPRM Platform Venminder, an Ncontracts Company Yes https://www.venminder.com TPRM Platform Whistic No https://www.whistic.com TPRM Platform myCYPR No https://www.mycypr.com/ TPRM Services AML RightSource No http://www.amlrightsource.com TPRM Services BDO USA No https://www.bdo.com TPRM Services CRFQ Yes https://www.crfqnow.com/ TPRM Services Cadre No https://www.cadre.net TPRM Services CastleHill Risk No https://www.castlehillrisk.com TPRM Services Certificial, Inc. No http://www.certificial.com TPRM Services ComplyScore No https://www.complyscore.com TPRM Services Copeland BUHL No https://www.copelandbuhl.com/ TPRM Services Crowe No https://www.crowe.com/services/consulting/third-party-risk-management TPRM Services Defentrix No https://www.defentrix.com/ TPRM Services Dixon Hughes Goodman No https://www.dhg.com/services/advisory TPRM Services Evident ID No https://www.evidentid.com TPRM Services Grant Thorton No https://www.grantthornton.com/services/advisory-services/cybersecurity-and-privacy/third-party-risk TPRM Services GuidePoint Security No http://www.guidepointsecurity.com TPRM Services HITRUST Yes https://hitrustalliance.net/ TPRM Services ITPN No http://www.ITPeopleNetwork.com TPRM Services RSM US Yes https://rsmus.com/ TPRM Services S&P Global Market Intelligence Yes https://www.spglobal.com/marketintelligence/en/mi/products/ky3p.html TPRM Services Schneider Downs No https://www.schneiderdowns.com/third-party-risk-management TPRM Services SecureCrest No https://www.securecrest.com TPRM Services Securis360 Inc. Yes https://securis360.com TPRM Services Sidekick Security No https://sidekicksecurity.io/third-party-risk-management/ TPRM Services Source Callé No https://www.sourcecalle.com TPRM Services TUV OpenSky No https://www.tuvopensky.com TPRM Services Truvo Cyber No http://www.Truvo.ca TPRM Services VIVIDedge No https://www.vivid-edge.com/ TPRM Services Vendor Centric No https://www.vendorcentric.com

Learn more about PromptArmor, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > PromptArmor Risk Ratings/Intelligence Advocate Member CONTACT INFORMATION Shankar Krishnan Director shankar@promptarmor.com (908) 397-0919‬ PromptArmor enables TPRM teams to assess and continuously monitor the risk from AI in vendors. Their risk assessments let teams dive deeper into a vendor's AI risk with actionable control recommendations, vendor-specific questions, and mappings to top AI security frameworks. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Continuous Monitoring of AI in Vendors Risk Intelligence of AI in Vendors Risk Ratings of AI in Vendors Threat Intelligence for AI Risk Quantification of AI Mapping to Top Frameworks (e.g. OWASP LLM Top 10) RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES PromptArmor is offering TPRA members an exclusive 10% discount on any new agreements. DISCOUNT PromptArmor is offering TPRA members an exclusive 10% discount on any new agreements. Depending on when you sign up, you may be able to access additional discounts! PromptArmor helps teams identify AI in vendors, continuously monitor for new features and risks, and assess vendors for novel AI risks. Link to access this discount: https://www.promptarmor.com/tpra-discount If you have not seen it yet – here is also a free, on-demand AI Security Executive Course designed for your teams to get up to speed on the latest updates on AI risk, built in collaboration with TPRA and PromptArmor In case you haven’t checked it out already you can access the sign up here: https://www.tprassociation.org/certificate-program Previous Next

TPRM Service Provider start-ups are invited to join the TPRA as Incubator Members! Apply now! TPRA Incubator Program Welcome to the TPRA Incubator Program, created to be a catalyst for transformative innovation in third party risk management (TPRM) Read More Inquire About Membership About Mission Empower and accelerate the success of innovative third party risk management startups through a comprehensive incubator program. We strive to foster a collaborative ecosystem that provides mentorship, resources, and networking opportunities, enabling startups to navigate challenges, develop cutting-edge solutions, and establish a robust presence in the evolving landscape of risk management. Vision To be a catalyst for transformative innovation in third party risk management, fostering a dynamic ecosystem where startups thrive in pioneering solutions that redefine industry standards. We aspire to build a global community of resilient and adaptive risk management leaders who contribute to a secure and trustworthy business environment. Through our incubator program, we envision a future where emerging startups play a pivotal role in shaping the evolution of risk management practices, driving sustainability, and ensuring resilience in an ever-changing landscape. Transforming the Industry Together Incubator Participants Who Can Participate Inquire About Membership Innovative Third Party Risk Management Startups Only start-up organizations within the Third Party Risk Management space Start-up must be five years old or less and/or within the pre-seed, seed, or early stage (Series A and Series B) Start-ups must not bring in more than $500,000 of revenue annually from product/service offerings Must complete an application and potentially an interview Must provide evidence of the revenue the organization generates from products/services within their last and/or current financial year TPRA retains the right to deny any organization and/or individual entry into the Incubator Program for any reason Goals & Activities The goals and activities of the Incubator Program are to assist with removing roadblocks within the community to allow for better communication, tighten feedback loops to ensure community needs are addressed, and to be a catalyst for innovation within the community. The program will also allow for a common lexicon when speaking about TPRM programs and the value they bring to organizations. Below are the goals and activities related to the TPRA’s Innovator Program: 1 TPRA Vendor Membership Receive “Incubator Status” Vendor Membership based on the Program Tier structure below. Would receive all of the benefits of an “Advocate” Member. Benefits include: Orientation & On-boarding Three website accounts Quarterly updates Invitations to practitioner meetings Website Access Service Provider Profile LinkedIn Welcome Message Share your resources, events, surveys, & job openings with TPRA members Newsletter Spotlight & Links to Blogs Write blogs for TPRA 3 Access to Resources Share TPRA resources, webinars, and training opportunities. TPRA will create a website to share external resources for Incubator Program members only (to include company names and URLs for investment firms, other incubator programs, and other start-up accelerators). 5 Training & Skill Development Incubator participants may attend TPRA webinars, events, and activities on the website to enhance TPRM skill development. 7 Lead Generation Opportunities TPRA to provide incubator participants with discounts on conference sponsorships and demo opportunities. Sponsorships come with opt-in lists. TPRA to create a site for Practitioners to submit RFPs for TPRM tools and for incubator participants (as well as TPRA Vendor Members) to respond to them. 9 Feedback & Improvement of Incubator Program From time to time, participants will receive surveys that request feedback on the Incubator Program. Responses will be used to continually enhance the program. 2 Start-Up Advisory Council Set up regular 1:1 meetings (most likely quarterly) with select practitioners (based on industry and company size) to provide program participants with feedback on their products/services. This can also assist with the incubator program participant figuring out their product market fit, target market, and product/service pitch. Can also assist with the participant better understanding if they are addressing their market’s TPRM pain points. TPRA to create a site for Practitioners to note TPRM pain points and/or note request for innovation. (Note: Can have the community vote on what they would like to see the most.) Incubator Participants would be able to access this list. 4 Network Opportunities TPRA will create network opportunities to introduce incubator program participants other program participants, practitioners, and other service providers. 6 Brand Awareness TPRA to note the incubator participant’s organization on the TPRA website (within Service Provider Profile), highlight the organization on LinkedIn, and note the organization as a spotlight within one of the TPRA’s quarterly newsletters. 8 Collaboration on Additional Resources In collaboration with TPRA, may participate in educational trainings, research, & content creation (such as blog posts, whitepapers, & videos). Inquire About Membership Heather Kadavy Senior Membership Success Coordinator heather.kadavy@tprassociation.org Follow on LinkedIn > TPRM Service Provider Membership Inquiry Complete this form if you are interested in one of TPRA's Service Provider Membership options (Vendor Membership, Incubator Program, Consultant Catalyst). Our team will reach out to you as soon as possible with further details on plan benefits and pricing. First name* Last name* Job Title* Organization* Email* Phone Which membership option are you interested in? Vendor Membership – For established TPRM Service Provider organizations (TPRM Platform, GRC Platform, Risk Rating/Intelligence Tool, TPRM Services, etc.). Incubator Program – For Start-Up TPRM Service Provider Organizations looking to gain insight, support, and promotion. Consultant Catalyst – For single, Independent Consultants or Boutique Advisory Firms specializing in third-party risk management services. Other Anything else we should know? Submit

Learn more about Lema, a TPRA Advocate Member, through this comprehension profile, including a bio, product functionality, contact info, and more. < Main Page < Previous Next > Lema TPRM Platform Advocate Member CONTACT INFORMATION Eddie Dovzhik CEO contact@lema.ai Lema.AI helps organizations build a resilient third-party ecosystem that ensures business continuity. Lema continuously monitors how each third party interfaces with your business units and critical assets, collects intelligence feeds on their activities, and automatically detects gaps in their attestations—powering automated vendor assessments and discovery, enabling real-time risk mitigation, and minimizing the business impact of third-party incidents. Show More TOP PRODUCT FUNCTIONALITY CATEGORIES Automatic third-party artifact gap analysis Automated controls validation Actionable risk findings One-click evidence of due diligence Continuous third-party reassessment Third-party threat intelligence feed Third-party incidents alerts Monitoring third-party interfaces with your critical assets Monitor third-party usage by business Detecting unsanctioned third-parties RESOURCES FROM THIS VENDOR MEMBER Load More EVENTS FROM THIS VENDOR MEMBER NEWS & UPDATES ADDITIONAL OPPORTUNITIES Previous Next

Our Mentorship Program is open to ANYONE in the TPRM industry. Our goal for this program is to align mentors and mentees to address and support the needs of our membership. Become a mentor or mentee! Mentorship Program Our Mentorship Program is open to anyone , regardless of TPRA membership or gender identity. Our goal for this program is to align mentors and mentees to address and support the needs of the TPRM community. Please be sure to review participant expectations prior to applying. Mentor & Mentee Expectations By setting clear guidelines and expectations, both mentors and mentees can derive maximum value from the mentorship program, fostering a positive and productive mentoring relationship. Here is a list of guidelines and expectations for program participants: Commitment Meetings & Time Management Communication Confidentiality Preparation & Discussion Topics Cultural Sensitivity Professionalism Feedback & Evaluation Rematch Guidelines Mentorship relationships are intended to last a year with at minimum quarterly discussions; however, Mentors and Mentees can determine the appropriate length of the relationship based on needs. Demonstrate a strong commitment to the mentorship program and the development of the mentee. Allocate sufficient time for regular meetings (30 - 60 minutes on average). While Mentors will facilitate and serve as role models in this relationship, by participating in the program, both Mentors and Mentees will come prepared with topics for one another, and be available, receptive, committed, and honest with each other. If the mentor and/or mentee hasn't reached out and/or responded within one month of receiving your match email, then please complete our Rematch Form (below) to receive a new mentor or mentee. It is the responsibility of the mentor to schedule regular, reoccurring meetings based on the meeting frequency agreed upon by both parties, to maintain a consistent connection. Respect your mentor/mentee's time by being punctual and prepared for meetings. Manage your time effectively to balance mentoring with other commitments. Mentor to reach out to the mentee as soon as the match is made and discuss how often to meet (may not be the frequency you selected on your mentor/mentee form). Respond to emails, calls, or messages in a timely manner (within 3 business days of receiving). Maintain open and transparent communication with the mentor/mentee. Actively listen to the mentor/mentee's concerns, questions, and feedback. Anything discussed within the mentor/mentee relationship is confidential. Avoid sharing sensitive information without explicit consent. Come to meetings well-prepared with specific topics or questions to discuss. Be proactive in setting the agenda for your mentoring sessions. Mentors and mentees are responsible for creating topics for each meeting. Mentees can share what they hope to get out of the conversations and mentors can share what they are subject matter experts in. If the mentee does not have any specific topics to discuss, the mentor should be prepared with a list of topics. Be aware of and respect cultural differences. Foster an inclusive and supportive environment for the mentor/mentee. Provide regular feedback on the mentee's progress. Be open to receiving feedback from the mentee and adjust the mentoring approach accordingly. Feedback forms will be provided to program participants on a quarterly basis to ensure they are getting the most out of their mentor/mentee relationship, as well as the mentorship program overall. Conduct yourself in a professional manner in all interactions. Uphold ethical standards and maintain confidentiality as required. Model professional behavior and ethical conduct. Uphold the values and standards of the organization or industry. If any of the following apply to you, please follow the instructions below. You are no longer interested in participating in the Program. You have not received a response from your match, or your match has stopped responding. You have completed the mentorship relationship (goals were met). You and/or your match have changed jobs/roles and no longer qualify for this Program. You wish to be matched with someone else. You were matched by mistake (already have a match, didn't apply to this program, etc.) Next Steps: Complete the "Termination & Rematch" form below . Please also inform your mentorship partner of your decision. Please remember that we match mentors and mentees when there are enough submissions. This may result in a longer wait time. If your rematch is time-sensitive , please specify that in the "Anything else we should know?" section of the form. If you have any other questions or concerns regarding the Mentorship Program, please contact Kelsey Haney at kelsey.haney@tprassociation.org . Mentorship Program Application The Third Party Risk Association (TPRA) is excited that you have chosen to participate in our Mentorship Program. Anyone may apply to be a mentor or mentee within this program, regardless of gender identity. If it is your goal to be matched with a TPRM professional of a specific gender, please contact TPRA or note your preference below. Application Process In order to be properly matched with a mentor/mentee, please complete the application below. Following submission of the form, you will receive an automated email confirming the success of your submission. Check your junk email for this message. Once you have been matched with a mentor or mentee, you will be notified via email. Please keep in mind that we match mentors and mentees when there are enough submissions . This may result in a longer wait time. If your rematch is time-sensitive , please specify that in the "Anything else we should know?" section of the form. Once you have received your match, you may begin the mentorship relationship by setting up your first meeting. Things to Keep In Mind TPRA does not provide oversight or direction on your mentorship relationship. It is up to the mentorship pair to decide the direction of the experience. While the Mentor will facilitate and serve as a role model in this relationship, by participating in this program, both Mentor and Mentee should come prepared with topics for each other and be available, receptive, committed, and honest with each other. TPRA will send out an annual feedback form, checking in on the experience of participants. We look forward to hearing back from you on the success of the program. If you have any other questions or concerns regarding the Mentorship Program, please contact Kelsey Haney at kelsey.haney@tprassociation.org . First name* Last name* Title/Role* Organization* Email* Phone* Please note your organizations industry.* LinkedIn URL* Country/Region of Residence* Time Zone* Have you previously applied to TPRA's Mentorship Program?* Yes No Would you like to be a Mentor, Mentee or both? * Mentor Mentee Both Do you have a preference on the gender-identity of your mentor/mentee?* Woman Man No Preference Please indicate your gender-identity.* Man Woman Non-binary Prefer not to say Other This allows us to attempt to meet the preferences of our applicants indicated in the question prior. What do you hope to gain from this relationship or experience? Select all that apply.* TPRM Benchmarking Leadership Characteristics Soft Skills Other How often would you like to meet? While the program is meant to be a year-long, the Mentor/Mentee will determine the appropriate length of the partnership.* Monthly Quarterly Other Tell us a bit about yourself or provide a fun fact.* Anything else we should know? I agree to keep mentoring conversations confidential. * I agree to adhere to the expectations outlined above. * I understand that this Mentorship Program is open to anyone , regardless of gender identity, and that I may be matched with a TPRM professional of any gender. * Submit Note: If you experience issues submitting the form, please email Meghan at meghan.schrader@tprassociation.org . Relationship Termination & Rematch Please complete this form if you have/wish to end your current mentorship relationship, need to be rematched, or wish to withdraw from the program. First name* Last name* Job Title* Organization* Email* Feedback on Current Relationship What is the reason for terminating the current mentor/mentee relationship? * Relationship concluded naturally (Mentorship goals were met) Scheduling conflicts No response after multiple attempts to contact Want to change mentorship position preference (e.i. Mentor wanting to become Mentee) I or my partner have changed jobs/roles within our company Matched by mistake (e.g., didn’t apply, already have a match) Other Feel free to provide further details, if necessary. How would you rate your experience with your mentor/mentee relationship?* Excellent Good Neutral Poor Other Do you have any suggestions for improving the mentorship program? Future Participation Are you interested in being rematched and continuing in the mentorship program?* Yes, I would like to be rematched. No, I would like to be removed from this program. I already have a match and do not need a rematch. Anything else we should know? Submit

Explore the benefits of TPRA Membership. Access resources, training, and a strong TPRM network to grow your skills and advance your risk program. PROFESSIONAL EDUCATION Enhance your TPRM knowledge TPRA Members gain access to expert-led monthly & quarterly meetings on topics they want to hear about, cutting-edge research & industry insights, TPRM-specific conferences, current resources, and more, all designed to enhance your professional knowledge for innovative and successful risk management. TPRA also provides members with Continuing Professional Education (CPE) Credits to ensure you can maintain existing security and risk-related certifications! EXPAND YOUR NETWORK Network with fellow Practitioners As the threat landscape grows in complexity & regulations require organizations to review their third parties with a more focused lens, networking & benchmarking with peers has never been more important. TPRA Membership provides you with a variety of opportunities to network and discuss with TPRM professionals worldwide and across all industries and maturity levels. Through our members-only forum, quarterly online network events, in-person meet-ups, conferences, meetings, and more, you can build valuable relationships with practitioners and service providers to share knowledge and gain advice from those who have been right where you are now. EXPERT INSIGHTS Discover resources on all things TPRM TPRA Members gain access to a large repository of TPRM resources, including templates, white papers, tools, checklists, eBooks, reports, survey results, toolkits, infographics & more! Resources come from a wide range of sources, such as government websites & regulators, TPRM service providers, and others. In addition, TPRA's monthly Third Party Risk Insight Work Group works as a community to create customizable resources for our members to use in their own programs, including templates, questionnaires, & even our TPRM 101 Guidebook ! Join over 2,000 TPRM Professionals! The all-in-one source for Third Party Risk Management (TPRM) tools, templates, training, networking, certifications, and industry best practices. As the only vendor-agnostic, not-for-profit professional association for TPRM Professionals, you will be joining a group of over 2,000 Leaders, to include Fortune 500 companies, that have already said 'YES' to advancing the TPRM industry as a community. So, what are you waiting for? Take the next step in advancing your career and enhancing your TPRM program with TPRA Practitioner Membership! It's FR EE! JOIN NOW View Plans 1/10 WHY JOIN? Our vision is simple, to be the global voice and standard for the third party risk profession! But we cannot do that without our members. We are the only vendor-agnostic, not-for-profit, professional association that exists to further the profession of third party risk through knowledge sharing and networking as a community. Our organizational objectives include, but are not limited to, promoting the value that third party risk professionals and practitioners add to their organizations; educating community members and other relevant audiences on best practices in third party risk; researching and disseminating information on third party risk tools and techniques; and building third party risk guidance as a community. No matter where you are in your TPRM journey... Whether you are a practitioner just developing your third party risk program, or you've established a more mature program, it has never been more important to benchmark off your peers. This professional association is built on and requires the participation of practitioners from programs of all shapes and sizes. Furthering the profession of third party risk through knowledge sharing and networking. In addition to providing you with opportunities to network and interact with fellow practitioners, the TPRA also provides you with Continuing Professional Education (CPE) Credits to ensure you can maintain existing security and risk-related certifications! Attending our monthly meetings and two conferences at a minimum will provide you with 25 CPEs every year! Come join our fast growing community of third party risk leaders! Why Join Practitioner Member Plans For those who identify, assess, monitor, mitigate, manage, etc. risks associated with third parties for their own organization. 1 Standard Practitioner Membership FREE No conditions, no time limit, and no catch. TPRA Standard Practitioner Membership is free for as long as you want it. Cancel anytime. Monthly & Quarterly Meetings on TPRM topics you want to hear about Practitioners-Only Slack Forum to ask questions, share resources, and get to know your peers Access to Resources (templates, whitepapers, questionnaires, & videos) Networking Opportunities , including dedicated virtual events every quarter Virtual & In-Person TPRM-specific Conferences + $200 off your in-person conference ticket Globally Recognized Certifications Mentorship Program Access to Demos, Webinars, & Surveys from leading TPRM service providers Comprehensive Volunteer Program where you can network, build leadership skills, and contribute to the community in actionable ways Advance the Industry through our Insight Work Group & Innovation Request Form Join Now! 2 Premium Practitioner Membership $199/year Premium Membership is $199 for one year and must be manually renewed each year. Members are always welcome to switch to Standard Membership when their Premium Plan expires. All Standard Benefits 50% Off Admissions to In-Person Conference , making it the cheapest way to get tickets across the board! Early Access to Conference Registration & Hotel Room Booking , so you can get the best spot at the best price Priority Access to Select Conference Sessions Priority Access to Event Registration for virtual & in-person conferences Quarterly Network Events where you can win prizes and connect with your peers! 15% Discount on All TPRA Certifications , including exams, trainings, and renewals Monthly Informational Briefings on current and top-of-mind topics Opportunity to Beta-Test New TPRA Programs , including new certifications, trainings, and tools to ensure we're only offering the best to the community! Join now! Plans Are you a TPRM Service Provider who is interested in membership? Email Heather Kadavy at heather.kadavy@tprassociation.org to set up a call to discuss Vendor Membership Plans. ADDITIONAL TPRA PROGRAMS Women In TPRM (WNTPRM) Join our Women In TPRM Program to help uplift women in the industry! Meet monthly to discuss goals & objectives. Access our Resource Sharing Library for a variety of women in business-related materials. Nominate an inspiring woman leader within TPRM to be our next "Women Lead" spotlight. LEARN MORE Information Sharing Site The TPRA is dedicated to advancing the industry of third party risk through knowledge sharing and collaboration. In support of this goal, we provide our members with access to resources such as whitepapers, templates, current reports and blogs, government resources, and more. It is our hope these resources will aid our members in meaningful ways, and provide insight and ease to their third party risk management endeavors. Resources come from a variety of places, with some being community-created in our monthly focus group, provided by TPRM service providers, relevant government sites, among others. TPRA Certification Program Get certified through TPRA to advance your career and validate your expertise! Pursuing a professional certification is an investment in your career and allows you to validate, as well as upscale your professional knowledge, skills, and abilities. Register now for our Third Party Cyber Risk Assessor (TPCRA) Certification! The TPCRA is the standard of achievement for those who assess, monitor, and review third party cyber security and information technology controls, as well as identify and mitigate risk related to said controls. LEARN MORE TPRA Volunteer Program Join one or all of our Volunteer Committees, gain valuable leadership skills, resume-building experiences, and help to fulfill the TPRA's mission of furthering the profession of third party risk management through knowledge sharing and networking! Programs include Conference Planning, Newsletter, Information Sharing, and TPRA Membership Committees. TPRA also has a robust Volunteer Reward and Recognition program that allows you to obtain points for each hour you volunteer! Points can be turned in for rewards! Join as a member to access our Information Sharing Site & Volunteer Program! Still not sure? Register for one of our upcoming Potential Member Meetings to learn all about TPRA Member benefits, programs, & where to get plugged in! REGISTER CEO Interview TPRA WORLDWIDE

Explore TPRM service provider resources, including tools and documents to enhance your risk management strategy. Access helpful links and information from various providers. Vendor-Provided Resources Here you can find links to resources supplied by TPRA Vendor Members (TPRM Service Providers). Some of these resources require you to input information to obtain the document. Note: TPRA does not support one particular service provider over another, nor do we benefit from providing you the links below. Read and implement at your own risk. If you are a TPRA Vendor Member and have a resource or link you would like to see added to this page, please submit through our Vendor Submissions form , or send it to Meghan Schrader at meghan.schrader@tprassociation.org for review. Filter by Resource Type Blog Checklist Company Information Datasheet Framework Guide Guidebook Infographic Magazine Newsletter Other Playbook Podcast Presentation Report Research State of the Industry Survey Results Template Tool Toolkit Video Whitepaper eBook Continuity Strength Other Vendor Resilience Scenario Deck December 8, 2025 A practical, digital tabletop exercise deck designed to help third-party risk and vendor management teams test their response to vendor failures. This digital resource includes over 50 realistic scenarios covering cyber incidents, operational failures, and supply chain disruptions, plus "Pressure Cards" to simulate escalating crises. Framework-agnostic and ready-to-use, it provides a structured way to validate escalation paths, communication plans, and workarounds, helping teams proactively identify and address gaps in their resilience programs. Read All Aravo Blog Rerooting TPRM: The Transformations That Defined 2025 November 24, 2025 There is a growing eagerness to evolve away from deep-rooted, siloed risk teams and toward broad, interconnected, system-wide foundations. Depth still matters because risk expertise and solid processes depend on it, but this past year has clearly pushed TPRM ecosystems to widen in the name of stronger collaboration and resilience. So, with that in mind, let’s take a moment to unpack 2025 and highlight five standout TPRM trends. Read All Black Kite Framework Black Kite Global Adaptive AI Assessment Framework (BK-GA³™) November 12, 2025 When it comes to assessing AI risk, third party risk management teams are challenged on two key fronts: the proliferation of AI that has outpaced the ability of traditional risk frameworks to keep up, and existing AI risk assessments that are fragmented and unique to specific industries, geographies, or regulatory bodies. Black Kite's Global Adaptive AI Assessment Framework (BK-GA³™) is designed to address these challenges by providing a unified and truly global open standard for assessing AI risk. This effort reflects a commitment that has been deeply ingrained in our culture since the very beginning, a value instilled by Black Kite’s Co-founder, Candan Bolukbas, and expressed through the resources and research we regularly release to empower the community and strengthen the security of the entire ecosystem. Read All HITRUST Tool Introducing the HITRUST ROI Calculator October 28, 2025 Ready to turn your cybersecurity investments into real outcomes? Discover the new HITRUST ROI Calculator —a strategic tool that visualizes how certification can boost revenue, streamline operations, lower cyber-insurance costs, and reduce risk. Backed by real-world data and a remarkable 464% ROI benchmark, this is the clarity your business case needs. Read the full blog to see what your organization could unlock. Read All Bitsight Blog Collision Course: The Inevitable Convergence of Third Party Risk and Exposure Management October 28, 2025 In February 2024, a ransomware attack on a critical player in the US healthcare infrastructure sent shockwaves through the US and globally. Pharmacies were unable to process prescriptions using patients' insurance, leading to delays in medication dispensing and highlighting the fragility of the healthcare supply chain. Hospitals and medical offices faced severe operational disruptions, struggling to provide patient care, submit insurance claims, and receive payments. The American Hospital Association called it "the most significant and consequential incident of its kind against the US health care system in history." Read All Bitsight Blog Threat-Informed TPRM: A New Standard for Supply Chain Security October 28, 2025 Third-party attacks have emerged as one of the most critical threats in the modern cyber landscape. Adversaries increasingly exploit vulnerabilities within external vendors, suppliers, contractors, and service providers to gain indirect access to target organizations, often with severe consequences. These breaches can lead to significant data loss, operational disruption, regulatory penalties, and reputational damage. As a result, third-party risk management (TPRM) is no longer just an IT concern, it’s a board-level imperative essential to protecting sensitive data and maintaining customer trust. Read All Bitsight Datasheet A Strategic Approach to Evolve Your TPRM Program with Integrated Cyber Threat Intelligence October 28, 2025 For leading enterprises, Third-Party Risk Management is mission-critical. Yet many programs struggle with scalability and efficiency, relying on manual processes and reactive approaches to Cyber Threat Intelligence. The typical workflow – where incidents are escalated after discovery – creates delays, consumes resources, and leaves organizations blind to emerging risks. Bitsight advances TPRM maturity with an Intelligence-Driven Prioritization Funnel. This approach integrates real-world CTI into the TPRM lifecycle, exposing risks such as leaked credentials, ransomware targeting, vulnerability exposure, and dark-web chatter. By embedding intelligence at scale, organizations shift from reactive, manual investigation to proactive, data-driven risk management – empowering teams to focus resources where they matter most. Read All Aravo Blog Choppy Waters: AI Risk, Its Global Scrutiny, and Why Intelligent Tech Matters October 28, 2025 As artificial intelligence (AI) adoption surges across industries, so too does the rising tide of regulatory attention. From the EU AI Act’s structured, risk-based framework to Japan’s more fluid, innovation-friendly guidelines, global regulatory currents are moving in different directions. China, Brazil, and the United States are also charting distinct courses, each reshaping the landscape of AI compliance in its own way. For third-party risk management (TPRM) professionals, these shifting conditions present a growing challenge: how to manage AI-related risks while staying upright in a sea of contrasting values, oversight models, and definitions of responsible AI. To maintain balance, many organizations are turning to TPRM platforms that can respond with agility. Read All Aravo Blog Building AI with Purpose: Aravo’s Approach to the AI Movement October 21, 2025 As TPRM professionals face growing complexity, evolving regulations, and tightening resources, AI can be a powerful co-pilot when deployed with intention. Much like the methodical work of crafting a Pinewood Derby car that performs, AI needs structure, guidance, and testing to truly enhance outcomes. That’s why Aravo’s Intelligence-First platform stands apart. Guided by a deliberate roadmap and grounded in research from Gartner, McKinsey, Deloitte, and others, Aravo avoids the rushed, bolt-on approach to AI adoption. Instead, it focuses on a smart, phased implementation that strengthens resilience, increases efficiency, and builds long-term trust. It’s the difference between simply racing and racing to win. Read All Aravo Guidebook The Future of TPRM Is Intelligent: Navigating the Waves of AI Adoption in Third-Party Risk Management October 14, 2025 Artificial intelligence (AI) is transforming how organizations manage risk, shaping everything from daily workflows to long-term strategy. For Third-Party Risk Management (TPRM) teams, the challenge is cutting through the hype and applying AI in ways that truly strengthen resilience, decision-making, and governance. Our guide demystifies AI’s role in TPRM, offering a practical framework for adoption rooted in responsible AI principles. This guide will equip you with the knowledge to: Understand why AI in TPRM matters more than ever: learn how today’s interconnected risk ecosystem makes AI essential for managing complexity, anticipating disruption, and building enterprise resilience. Recognize warning signs of GenAI fatigue and governance challenges: explore why many AI projects stall or fail, from unscalable pilots to gaps in oversight, and how to avoid common missteps. Navigate the four waves of AI in TPRM: see how AI adoption evolves from basic automation to trust-based ecosystems, with each wave bringing both new opportunities and governance demands. Apply Responsible AI principles as a new mandate: understand the core pillars of responsibility and why they are essential for building confidence in AI-driven risk functions. Prioritize the human factor in AI success: discover why people truly define AI impact and how talent, efficiency, and change readiness drive effective adoption. Download the guide to explore how to cut through the hype, adopt AI responsibly, and build stronger, more resilient TPRM programs! Read All Aravo Blog Riding the AI Wave: Responsible AI Adoption in TPRM October 14, 2025 In the world of Third-Party Risk Management (TPRM), Artificial Intelligence (AI) is often seen as a powerful, transformative current. It carries us forward with promises of lightning-fast due diligence, predictive insights, and automated assessments. But like any seemingly ‘perfect’ wave, what’s happening beneath the surface matters. Without a clear understanding of the currents and the ocean floor, we risk getting caught in an undertow. In TPRM, the consequences of irresponsibly adopted AI can be far more serious than a bad wipeout. Let’s dive beneath the surface and examine the hidden forces behind the AI “waves” in TPRM, including the currents, the rogue swells, and the deceptive calm we need to watch for. Read All Aravo Blog The Art of Offboarding: Maintaining Resilience When Ending Third-Party Relationships September 25, 2025 Offboarding third parties is a critical, yet often overlooked, stage in the third-party relationship lifecycle. If not handled carefully, it can carry significant operational, legal, financial, and reputational risks. To support a smooth and secure transition, there are several essential steps every organization should take. Read All LOAD MORE