Search Results

< Previous View Resource Library Next > TRAINING ACTIVITY Leadership Ladders Originally developed by TPRA's Women in TPRM "Lead" work group, this training activity is designed for all current and aspiring leaders within the Third Party Risk Management (TPRM) industry. Each box on the board is linked to a valuable resource–including customized guides, blogs, videos, quizzes, and more–with the goal of enhancing your leadership potential through buildable skills and expert insights. Designed to first develop your core competencies as a leader, the board will then lead you through other scenarios that current and new leaders will face. Any professional, regardless of what stage they're at in their career, can find value in this activity. VIEW

< Previous View Resource Library Next > INFOGRAPHICS Establishing Accountability in Third Party Risk Management This resource, Establishing Accountability in Third Party Risk Management (TPRM) , provides a concise yet powerful framework for embedding accountability into TPRM programs. Built around the Three Lines of Defense model introduced by the Institute of Internal Auditors (IIA), the guide highlights how operational management, risk/compliance functions, and internal audit each play a distinct but interconnected role in protecting the organization from third-party risks. It outlines: First Line (Operational Management): Frontline teams managing vendors and risks directly. Second Line (Risk Management & Compliance): Dedicated teams ensuring oversight, building policies, and supporting consistent risk management practices. Third Line (Internal Audit): Independent assurance to evaluate effectiveness, verify compliance, and recommend improvements. The resource emphasizes that effective TPRM is not just about tools and processes , but about making accountability part of organizational culture. With clear responsibilities and a strong governance structure, TPRM professionals can drive transparency, reduce risk exposure, and enhance resilience. This downloadable guide is designed for any TPRM practitioner seeking a quick-reference tool to strengthen accountability within their programs. DOWNLOAD

< Previous View Resource Library Next > EBOOKS Third Party Risk Management (TPRM) 101 Guidebook TPRA’s TPRM 101 Guidebook is the most comprehensive, practitioner-built guide available for third-party risk professionals today. Developed over three years with input from experienced practitioners, subject matter experts, and service providers, this 150+ page resource is designed to meet you where you are—whether you're launching a new program or enhancing a mature one. The guidebook walks you through the entire TPRM lifecycle , providing not just theory but practical guidance you can implement immediately. With clarity and depth, it helps you build a program that’s not only compliant but resilient, scalable, and respected by leadership. Key Features Include: Step-by-step guidance across all TPRM lifecycle stages: planning, onboarding, risk assessment, monitoring, offboarding, and more Practical tools and templates for risk scoring, due diligence, contract reviews, and performance monitoring Real-world examples and use cases to help translate concepts into action Checklists and best practices you can apply directly to your current processes Tips for program enhancement , including scaling, cross-functional alignment, and regulatory mapping Insights from the TPRM community , including what’s working (and not working) across industries Alignment with regulatory expectations and common frameworks, from banking and healthcare to tech If you’ve ever struggled to find clear, actionable guidance in a rapidly evolving risk environment, this guidebook was made for you . Built by the community, for the community , the TPRM 101 Guidebook isn’t just a resource. It’s your foundation for confident, proactive third-party risk management. DOWNLOAD

< Previous View Resource Library Next > INFOGRAPHICS Why Automate Sanctions Monitoring? "Why Automate Sanctions Monitoring?" is a one-page infographic that outlines how automation improves the accuracy, speed, and consistency of sanctions screening. It highlights key automation capabilities such as continuous third party monitoring, executive and ownership screening, and automated flagging workflows. These features help organizations stay compliant with evolving global regulations, reduce the burden of manual checks, and quickly identify potential compliance risks. Use this infographic as a reference to better understand where automation fits in your TPRM process and how it can strengthen your overall compliance strategy. DOWNLOAD

< Previous View Resource Library Next > INFOGRAPHICS Creating a TPRM Budget "Creating a TPRM Budget" is a one-page infographic that provides a sample budget format to help risk management teams build and present a clear, effective budget. It outlines the essential components of a TPRM budget, including cost avoidance, operational resilience, return on investment (ROI), measurable key performance indicators (KPIs), and multi-year forecasting. By using this framework, organizations can showcase the value of their TPRM program, align with strategic goals, and gain executive buy-in for future investments. Download the infographic to use as a quick reference and support your next TPRM budget presentation. DOWNLOAD

< Previous View Resource Library Next > VIDEOS TPRM 101: Contract Review The third video in TPRA’s TPRM 101 series covers the Contract Review phase—an essential part of the third-party risk lifecycle that ensures business expectations are clearly defined, legally enforceable, and aligned with risk and compliance requirements. Key focus areas include: Identifying which contract clauses support TPRM controls Ensuring enforceability of risk and performance requirements Aligning terms with legal, regulatory, and operational obligations Collaboration between procurement, legal, and risk stakeholders Documenting rights related to audits, data use, termination, and reporting WATCH

< Previous View Resource Library Next > VIDEOS TPRM 101: Pre-Contract Due Diligence (PCDD) - Part 1 In Part 1 of the Pre-Contract Due Diligence segment of TPRA’s TPRM 101 series, viewers are introduced to the framework for evaluating third-party risk before contract signature. This phase ensures that vendors are capable of meeting your operational, security, and compliance requirements before the relationship becomes formal. Key features include: Overview of the Pre-Contract Due Diligence structure and sections The importance of timing and sequencing risk assessments before onboarding Stakeholders involved in information gathering and validation Introduction to upcoming segments covering risk identification through reporting WATCH

Being a leader is often about mastering the more subtle aspects of communication and interpersonal relationships. Learn how through a variety of resources. All Categories Previous Category Next Category Soft Skills Filter by Resource Type Blogs & Articles Ted Talk Found 5 Blogs & Articles The Language Women Use in the Workplace and What it Means "As a woman, have you ever found yourself using the phrases “I may be wrong, but…”, or “I’m not an expert in this, but…”, or excessively using the word “sorry…”? Research has found that women are much more likely to use self-deprecating or ‘softer’ language in the workplace. Let’s take a closer look at what language women tend to use and why." Check It Out Meghan Schrader Wednesday, May 19, 2021 Ted Talk Crucial Facts You Need To Know About Your Voice In Your Career Why do top all the professionals, executives, organizational leaders and speakers get a voice coach to help them? When you can communicate what is remarkable, and exceptional about you, you then become irreplaceable in the marketplace. Here are a few defining facts. Your voice speaks louder than what you have to say. Your voice makes people believe what you say. Just a small adjustment can make a big difference to your speaking. Think about it….what do you hope to accomplish with your communication skills and is your voice ready? Check It Out Meghan Schrader Tuesday, December 8, 2020 Ted Talk Get Comfortable with Being Uncomfortable Luvvie Ajayi Jones isn't afraid to speak her mind or to be the one dissenting voice in a crowd, and neither should you. "Your silence serves no one," says the writer, activist and self-proclaimed professional troublemaker. In this bright, uplifting talk, Ajayi Jones shares three questions to ask yourself if you're teetering on the edge of speaking up or quieting down -- and encourages all of us to get a little more comfortable with being uncomfortable. Check It Out Meghan Schrader Tuesday, January 2, 2018 Ted Talk How vulnerability makes you a better leader As the founder of a startup, Tracy Young often worried that employees and investors valued male CEOs more -- and that being a woman compromised her position as a leader. In this brave, personal talk, she gives an honest look at the constraints women face when trying to adapt to a male-dominated business culture -- and shares how she developed the courage and vulnerability to lead as her complete, raw self. (This talk contains a graphic story. Discretion is advised.) Check It Out Meghan Schrader Tuesday, March 2, 2021 Blogs & Articles 'Sorry' but these are things women should never write in an email "When it comes to emails, it isn't a surprise that men and women communicate differently. But research shows that when certain writing styles are used by women, the message can be received differently." Check It Out Meghan Schrader Monday, August 5, 2019

Tandem offers a complete GRC software used by over 1700 organizations to manage the compliance burden of information security regulations and improve security posture. < Back Tandem Wednesday, October 22, 2025 3:30 PM - 3:55 PM CT GRC Platform Globe Mail Search Search Tandem provides a simplified and streamlined vendor management software, designed to organize your vendor management program. Avoid complicated spreadsheets, manually updated calendars, and trying to organize files across network folders. Instead, use Tandem Vendor Management to efficiently oversee your vendors, create risk assessments, collect due diligence documents, and manage contracts and documents. In addition to vendor management, Tandem offers a complete GRC software used by over 1700 organizations to manage the compliance burden of information security regulations and improve security posture. Tandem provides 11 unique yet integrated products as part of the GRC software suite. Presenter(s) Savannah Richardson GRC Content Analyst Savannah finds joy in education - striving to make information more accessible for teaching and sharing resources. She has a B.A. in Business Administration, an M.S. in Finance, and has earned the IT Risk Fundamentals ISACA certificate. Savannah currently works as a GRC Content Analyst, where she helps create and maintain cybersecurity and compliance content for Tandem. Her enthusiasm for learning shows with interest in topics such as GRC, risk… Show More Previous Next

FOR IMMEDIATE RELEASE Third Party Risk Association (TPRA) Announces ‘Women In Third Party Risk Management’ Program Monday, May 2, 2022 TPRA Announces Launch of Their Women in TPRM (WNTPRM) Program ANKENY, IOWA — 2 May 2022 — Today, the TPRA announced the official launch of their new ‘Women In TPRM’ Program. This program is dedicated to elevating women in the TPRM industry and promoting equal opportunities within the field. “As a women-led, not-for-profit organization whose mission it is to further the profession of third-party risk, the TPRA is dedicated to creating a diverse and inclusive space for the purpose of promoting, uplifting, and supporting women in the TPRM industry,” said Julie Gaiaschi, CEO and Co-founder at TPRA. According to GRC World Forums, women only represent 15-20% of the Governance, Risk and Compliance profession. Only about 25% of every 100 security and risk management (SRM) executives are women , Gartner Inc. noted in its 2019 article. After their preliminary announcement at their 2022 TPRM Conference, “The Art of Third Party Risk,” the TPRA received an influx of interest forms for the new program, highlighting the need for industry collaboration and discussion on this important topic. The program’s first meeting is set for May 24, 2022, from 1-2 p.m. Central Time and is open to all TPRA Practitioner and Vendor Members interested in becoming active participants in industry-wide change. About Women in TPRM The mission of ‘Women In TPRM’ is to uplift women within the TPRM industry, provide access to higher-paying jobs within TPRM, facilitate mentorships for women in TPRM, create a platform for women in TPRM to be recognized, celebrated, and supported, and cultivate the next generation of women leaders. Program participants will meet quarterly to discuss activities, as well as potential barriers, related to these goals, promote the importance of women in TPRM by creating educational materials for organizations, provide access to talks, tools, and techniques for uplifting and informing women in TPRM, highlight women leaders in TPRM, and promote TPRM job listings from organizations supporting and uplifting women. The program features a Resource Sharing Library, which contains a variety of women in business-related materials such as reports over the latest trends and statistics, blogs and articles on relevant and current happenings, and TED Talks featuring inspiring women in business; educating others on how to navigate the business world and find success in their careers. In addition, members are invited to join the TPRA ‘Women in TPRM’ Slack Forum channel to facilitate discussion in real-time. The program is open to all people whose mission it is to uplift women in TPRM, as diversity and representation are key to industry-wide change. Gartner Inc. notes that gender- diverse and inclusive teams outperform gender-homogeneous, less-inclusive teams by an average of 50%, in their 2019 article, highlighting the importance for inclusive and collaborative discussion on this challenge. The mission of the TPRA is to further the industry of TPRM through knowledge sharing and collaboration. As such, this group is specific to third party risk management. While Women In TPRM recognizes the missions of other women-related groups, the program will not be addressing topics outside of TPRM. To learn more about this program, submit an interest form and register for upcoming meetings, visit https:// www.tprassociation.org/women-in-tprm . ### Founded in 2019, Third Party Risk Association is a leader in TPRM industry best practices. The 501(c)(6) not-for-profit organization was created out of a necessity to build a community of like-minded third party risk professionals to allow for the sharing of best practices, exchanging of ideas, and influencing of an industry. MEDIA CONTACT Meghan Schrader Meghan.schrader@tprassociation.org www.tprassociation.org FOR MORE INFORMATION https://www.tprassociation.org/women-in-tprm Previous Next

Get to know Vincent Scales, CVSHealth, and a member of TPRA's Board of Directors! < Back Vincent Scales CVSHealth CHAIRMAN OF THE BOARD Vincent Scales is a third party security & risk management leader with 20 years of experience building, delivering and operating shared services and third party security & risk management programs in large enterprises, both from the perspective of the outsourcer as well as the service provider. Currently, Vincent is Lead Director, Third Party Security at CVSHealth, leading a portfolio of third party security risk management activities. He holds a Bachelor’s in Business Administration from Northern Arizona University and a Master’s in Business Administration from Arizona State University. Vincent resides in Phoenix, AZ along with his wife and their three labradoodles. Next >

Get to know Heather Kadavy, TPRA's Senior Membership Success Coordinator! < Back Heather Kadavy Senior Membership Success Coordinator SENIOR STAFF Heather Kadavy joined the Third Party Risk Association (TPRA) in 2023 as the Senior Membership Success Coordinator. In recent year(s) Heather has been providing freelance TPRM consulting work to various organizations after retiring from a Nebraska financial institution after nearly 35 years where she oversaw and managed critical programs of the organization including Third Party Risk Management, Information Security, Physical Security, Safety, Business Recovery, Financial Crimes, Model Risk Management, and Enterprise Risk Management. In her TPRM role she had oversight of over a thousand third party relationships, systems, due diligence reviews and contract management activities. She developed, facilitated, and implemented training programs for thousands of employees over the years. As well as has served in board of director or leadership team roles to facilitate local, regional and state-wide peer-partnerships meetings between financial institutions, law enforcement, and other industry, external audit & regulatory participants (e.g., the Institute of Internal Auditors, Great Plains Contingency Planners, FILE, FISA, etc.). Heather is a natural born connector of people and values relationship building at the cornerstone of her career. She encourages you to connect with TPRA and herself via LinkedIn to join in the "TPRM Global Conversation". Heather received her bachelor's in accounting from the University of Nebraska-Lincoln and has achieved numerous certifications over the years including the latest of Certified Enterprise Risk Professional (CERP), Certified Third Party Risk Management(CTPRM), and Certified Banking Vendor Manager (CBVM). Heather currently sits on the leadership team of Lincoln Women For Good (philanthropic non-profit) and the board of directors of the Lincoln Hygiene Network a program of Poverty Impact Network (a hygiene bank non-profit). She resides in Lincoln Nebraska along with her husband and two adult children. She enjoys spending time with her family & friends, volunteering, puzzles and baking. Next >