top of page

TPRM Service Provider Profiles

What are TPRM Service Provider Profiles?

TPRM Service Provider Profiles are specific to TPRA Vendor Members and provide organizations with descriptive and concise snapshots of individual service provider capabilities and information. These profiles assist with understanding and evaluating service provider capabilities to make product/service decisions and aid in fostering communication and connection between organizations. 

  • Onboarding and Transactional Enablement

  • Enhanced Due Diligence

  • Intake & Scope

  • Engagement-level Risk Assessment

  • Risk Management Lifecycle

  • Termination & Off-boarding

  • Continuous Monitoring & Management

  • Contract Management

  • Supplier Performance Management

  • Issue Management and Remediation

aravo logo, red background with white text

Aravo strives to make the enterprise more responsible, sustainable and ultimately more profitable. Our customers work with us to mitigate risk across their extended enterprise leveraging Aravo’s industry leading TPRM platform, portfolio of 30+ risk applications, and best practice frameworks. Enterprise teams responsible for ensuring suppliers, vendors, partners, and other third parties meet risk and regulatory requirements have Aravo as a trusted technology and business partner who understands their needs for risk visibility, management and mitigation.

Aravo’s solutions incorporate over 22 years of working experience with global brands, over 10 verticals to deliver program expertise, unified visibility and operational agility for our customers’ TPRM initiatives. Our team works to help manage risk and promote integrity for our customers so they can:

  • Avoid financial and brand liability

  • Focus on growing revenue

  • Save money through process and resource efficiencies


Dave Rusher

Chief Sales Officer

Watch Video

  • Cyber Risk Intelligence

  • Third Party/Supply Chain Risk Management

  • Continuous Monitoring

  • Financial Risk Quantification

  • Ransomware Risk Assessment

  • Automated Compliance Mapping

  • Vendor Risk Mitigation (with Prioritization)

  • Vulnerability Assessment

  • Threat Intelligence

  • Standards-Based Methodology

aravo logo, red background with white text

Black Kite gives companies a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners and suppliers in an ever changing digital landscape.

Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating.  Black Kite serves more than 1,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at or on the Black Kite blog.


Johnathan Bald

VP of of Sales, North America

Watch Video

  • Ongoing vendor monitoring 

  • Cyber risk monitoring 

  • Business intelligence 

  • Dark/deep web alerting 

  • Ransomware breach alerting 

  • Federal and regulator breach report alerting 

  • News and social media alerting

aravo logo, red background with white text

BreachSiren provides affordable third party supplier monitoring for community financial institutions and healthcare organizations. Send us your vendor list and we'll handle your automated monitoring and auditing. 

Our solutions will fit your budget:

  • Easy compliance. Our ready-to-use audit reports will enhance your due diligence and board reporting.

  • Improved vendor negotiation. Know what your vendors have reported to federal and state regulators.

  • Automated alerting. Receive automated alerts via email, SMS, RSS feed or API.

  • AI Workflow Automation

  • AI Vendor Outreach

  • AI Risk Assessment Reviews

  • AI Document Reviews

  • False Positive Alert Filtering

  • Enhanced Vendor Due Diligence

  • Real-time Continuous Monitoring

  • SLA Monitoring & Reporting

  • Issue Management

  • Reports & Dashboards

aravo logo, red background with white text

Coverbase is your mission control for automating and managing third-party risk management workflows.

TPRM teams are constantly under water because of highly manual and time-consuming processes that don't accurately assess a company's risk exposure due to vendors. We help TPRM teams automate workflows so they can stay ahead of problems instead of spending all their time keeping up with risk assessments and vendor reviews.

Using Coverbase is akin to having an AI analyst on your TPRM team that automatically processes and keeps a constant eye on these data sources to help your team direct your time more effectively:

  • Unstructured documents obtained directly from vendors: SOC 2, penetration test reports, security audit results, API documents

  • Industry-leading third-party data sources: AlCybersecurity, Privacy, ESG, Financial, Adverse Media, and Know Your Business data

  • Anonymized risk assessment issues, findings, and reports from the broader Coverbase network of vendors

Coverbase allows TPRM leaders to build customized reassessment triggers based on time or risk conditions, and your AI team member automatically emails vendors to initiate the assessment, does a first-pass on submissions, then submits a risk report to you once ready.

Want to supercharge your TPRM function? Contact us to try Coverbase out.

(Coverbase connects to your existing TPRM solutions and does not require a full replacement of platforms you already have in place.)


Clarence Chio


  1. Proactive Intelligence

  2. Continuous Monitoring

  3. Sanction Screen and Adverse Media Monitoring

  4. Third Party Due Diligence

  5. Seamless Onboarding

  6. Real-time Risk Rating

  7. Dynamic Dashboarding

  8. Integrated Premium Data Sources and Proprietary Watchlists

  9. ESG Risk

  10. Supply Chain Risk

aravo logo, red background with white text

Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers through its software and tech-enabled solutions. Exiger’s mission is to make the world a safer and more transparent place to succeed. Empowering its 550 customers across the globe, including 150 in the Fortune 500 and over 55 organizations across the Defense Industrial Base and government agencies, with award-winning AI technology, Exiger leads the way in ESG, cyber, financial crime, third-party and supply chain management. 

Exiger’s award-winning, purpose-built technology platform, 1Exiger, is the only open-source, third-party and supply chain management software that helps companies and government agencies achieve cost savings, resilience, and compliance in real time.

Created and launched in collaboration with our 550+ customers, the platform makes supply chain management simple, intuitive, and accessible. The 1Exiger user experience is housed in an integrated suite that is scalable and secure. Using our powerful AI technology, you can uncover risks and reveal insights that enable confident decision-making.

Learn more at and Follow Exiger on LinkedIn.


Request a Demo

Watch Video

Follow on LinkedIn

Visit Website

🏆 TPRA's 2024 TPRM Service Provider Innovator Award Winner 

  • Topic-based working groups to collaborate with industry experts 

  • Cross-sector chatrooms for real-time collaboration and information sharing 

  • Information sharing portal All source and multi-sector alerts and reports 

  • Resilience focused analysis 

  • Event-driven Situational Awareness Dashboard 

  • Multi-sector Situational Awareness Reports 

  • Threat and resilience discussions and presentations 

  • Event-driven emergency member meetings 

  • Peer-to-peer collaboration and information exchange across the Global Resilience Federation ISAC/ISAO network 

  • Participation in exercises and development of the Operational Resilience Framework, security standards, and playbooks

aravo logo, red background with white text

GRF builds, develops and connects security information sharing communities for mutual defense. GRF, with nearly 20 years of experience, is a nonprofit provider and hub for cyber, supply chain, physical and geopolitical threat intelligence exchange between information sharing and analysis centers (ISACs), organizations (ISAOs) and computer emergency readiness/response teams (CERTs) from many different sectors and regions around the world. GRF will help your industry develop or enhance a trusted sharing community, obtain actionable intelligence, and support you in emergencies. That’s the power of Global Resilience Federation.

Global Resilience Federation is the evolution of 1998's U.S. Presidential Decision Directive 63 and 2003's Homeland Security Presidential Directive 7 which mandated that the public and private sectors share information about cyber and physical security threats and vulnerabilities to help protect critical infrastructure. GRF was launched in 2017 as a standalone company, from a former Financial Services Information Sharing and Analysis Center (FS-ISAC) division, to coordinate multi-industry sharing and stand-up new sharing communities to be incorporated into that voluntary sharing architecture.

That effort has expanded beyond the United States and critical infrastructure to encompass global organizations, essential industries, and supply chains. GRF members span five continents, working to protect industries deemed critical by most world governments, and others that are essential to the global economy.

As industry and threat actors both adapt, cross-sector sharing is a necessary progression in the security of our modern digital economy.

Business Resilience Council (BRC) | Discount for TPRA Members

The Business Resilience Council (BRC) is a nonprofit, multi-sector, collaborative defense community where members share actionable intelligence, security and resilience best practices and analyst-curated information to help reduce risk and negative impacts across all hazards – cyber, physical, geopolitical, terrorism, major weather events and more. Key working groups focus on operational resilience, disaster recovery, supply chain and third party risk, AI security, and cross-sector exercises.

TPRA Members are eligible to receive 10% off the first year of dues to the BRC. Information was sent via email. If interested, please email us at

  1. Automatic third-party assessment.

  2. Automatic third-party artifact gap analysis. 

  3. Actionable risk findings. 

  4. Always up-to-date third-party inventory. 

  5. One-click reporting. 

  6. Third-party threat intelligence feed. 

  7. Comparing third-party promises to actual behaviour. 

  8. Continuous third-party risk assessment & monitoring. 

  9. Fourth-party mapping. 

  10. Automated compliance mapping.

aravo logo, red background with white text

Lema enables TPRM teams to proactively mitigate third-party risk, with no manual work required. Manual TPRM processes cost you thousands of wasted hours and can create a false sense of security - leaving you exposed. 

With Lema, skip the manual labor to achieve better and faster risk mitigation: 

  • Generate a third-party inventory in < 1 week.

  • Assess a third-party in < 5 minutes.

  • Discover actionable findings that humans could easily miss.

  • Instantly detect increases in inherent risk.

  • Maintain 100% up-to-date assessment coverage.


Eddie Dovzhik 


  1. Automated vendor discovery 

  2. Smart inherent risk assessments 

  3. Business impact analysis 

  4. Configurable workflows 

  5. Lifecycle management 

  6. Data mapping 

  7. Continuous monitoring 

  8. Breach insights

aravo logo, red background with white text

Locktivity is a better way to manage third-party risk. Built by security and GRC professionals, Locktivity streamlines management of your third-parties with configurable workflows, realtime visibility, and automated risk intelligence. We help companies simplify identifying inherent risks, shine a light on shadow IT, and make effective risk management achievable.


(415) 245-0234

  • Enterprise risk management

  • Third-party vendor management

  • Regulatory compliance management and change management

  • Lending compliance, including fair lending analytics

  • Automated findings management

  • Business continuity planning & testing

  • Audit & compliance reviews management

  • Virtual employee engagement

  • Risk performance management

  • Vendor cybersecurity monitoring

aravo logo, red background with white text

Ncontracts’ powerful suite combines risk, compliance, vendor, and findings management solutions to drive efficiency and build a risk management culture resulting in smarter, faster decisions.

Ncontracts provides solutions to a rapidly expanding customer base of over 4,000 financial institutions in the United States. We help financial institutions achieve their compliance and risk management goals with a powerful combination of user-friendly cloud-based software and expert services. The company was named to the Inc. 5000 fastest-growing private companies in America for the fourth consecutive year. For more information, visit or follow the company on LinkedIn and Twitter.


Rashida Holmes

SVP, Partnerships & Outreach

Request a Demo

Watch Video

  • Risk Assessments and Mitigation

  • Vendor Evaluation and Automated Onboarding

  • Risk Analytics and Control Gaps Report on Thousands of Vendors

  • Ongoing Monitoring and Risk Alerts

  • Auto Inherent Risk Insights to Prioritize Vendors

  • Built-in Cyber Risk & ESG Ratings

  • Vendor Scorecards and Comparison

  • Audit-Ready Reporting and Dashboards

  • Automated Workflows to Increase Collaboration

aravo logo, red background with white text

OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. More than 14,000 customers use OneTrust’s technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia.

Learn more at


Jason Sabourin

Senior Director, Third-Party Risk

Want to learn more? Watch this video!

  • Vendor Onboarding

  • Sourcing RFx

  • Inherent Risk Scoring & Vendor Classification

  • Vendor Due Diligence & Ongoing Monitoring

  • Vendor Risk Assessments

  • SLAs & Vendor Performance Management

  • Vendor Contract Management

  • Vendor Issue Management

  • On-Site Vendor Control Assessments

  • Cyber Ratings, Financial Health Scores & ESG Ratings

aravo logo, red background with white text

ProcessUnity Third-Party Risk Management protects companies and their brands by reducing risk from third parties, vendors and suppliers. TPRM expands the scope of risk management to encompass any external party that could pose a risk to an organization, including vendors, contractors, partners and suppliers.

With a single, configurable platform, ProcessUnity helps organizations manage the increasing complexity of supply chains and third-party relationships with tools to identify and assess the risks associated with each external party, monitor third-party performance and ensure external control effectiveness. Our software platform empowers you to proactively manage third-party risks and protect your organization from potential cyber threats and business disruptions.

ProcessUnity is used by the world’s leading financial service firms and commercial enterprises.  The company is headquartered outside Boston, Massachusetts. For more information, visit


Kate Broderick

Marketing Program Manager


  • Managed services for due diligence

  • Vendor risk assessments (onsite or remote)

  • Third-party risk management program audit/assessment

  • Third-party risk management program building

  • Dashboarding and analytics

  • Cyber resiliency

  • Advisory services

  • Regulatory guidance related to third-party relationships

  • Access to subject matter resources across risk topics

  • Specialized vendor audits

aravo logo, red background with white text

RSM’s purpose is to deliver the power of being understood to our clients, colleagues and communities through world-class audit, tax and consulting services focused on middle market businesses. The clients we serve are the engine of global commerce and economic growth, and we are focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business environment. RSM US LLP is the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with 48,000 people across 120 countries. For more information, visit, explore our third-party risk management services, like us on Facebook, follow us on Twitter and/or connect with us on LinkedIn.

  • In-depth financial analysis of global public and private companies

  • Global financial data and private company ratings sourced from over 150 countries. 

  • Risk Assessment, TPRM, supply chain management

  • Predictive analytics, with a 90% accuracy rate

  • Financial Reports that are easily digestible, accessible, and shareable

  • Vetting, onboarding new suppliers, and monitoring existing suppliers

  • Comprehensive Reporting Suite and predictive analytics 

  • API Integrations 

  • Configurable program/category dashboards

  • 73 ratios for a quantitative analysis on core health and financial resiliency

aravo logo, red background with white text

RapidRatings sets the standard for financial health transparency between business partners, transforming the way leading companies manage enterprise and financial risk. The company provides the most sophisticated analysis of the financial health of public and private companies from over 140 countries worldwide.  RapidRatings primary sources private company vendor financial statements directly on behalf of our customers.

Through RapidRatings’ FHR Exchange, an innovative and secure membership platform, businesses can build more meaningful relationships and gain visibility into the financial stability of global suppliers, vendors, and other third parties.

For more info, visit: Third-Party & Vendor Risk Management │RapidRatings


Eric Evans

Managing Director,  Partnerships & Alliances

Watch Video

  • Risk assessment

  • Risk Review & Scoring

  • Continous Monitoring

  • Third-Party Risk Management

  • Supply Chain Risk Management

  • Enterprise Risk Management

  • Unique Custom Risk Prioritization

  • Efficiently Streamlined Risk Management Program

  • Risk Performance Insight

  • Manage Critical Vulnerabilities

aravo logo, red background with white text

RiskRecon, a Mastercard company, is the only continuous vendor monitoring solution delivering risk-prioritized action plans customized to match your risk priorities, providing the easiest path to understanding and acting on third-party cyber risk. With RiskRecon, you can build a scalable, third-party risk management program and realize dramatically better outcomes. Learn more about RiskRecon and request a demo at


Jonathan Ehret

VP of Strategy & Risk

Watch Video


Full-spectrum supplier risk intelligence with coverage for the following risk domains:

  • Financial Risk

  • Cyber Risk

  • SG Risk

  • Compliance Risk

  • Operations Risk

  • Nth Parties

  • Locations

Accessible as real-time and continuous full-spectrum risk monitoring for suppliers and locations, comprehensive one-time risk reports, or instant risk scans.

aravo logo, red background with white text

Supply Wisdom transforms global business with comprehensive, predictive, real-time risk intelligence. Through continuous monitoring, comprehensive intelligence reports, and real-time alerts, Supply Wisdom speeds business growth, lowers costs, increases security and compliance, and unlocks revenue opportunities. Supply Wisdom’s full-stack AI-based SaaS products turn open-source data into risk intelligence and are the market’s only software to cover all risk domains in real-time: financial, cyber, operational, ESG, compliance, Nth party, and location-based risk. Supply Wisdom clients include Fortune 100 and Global 2000 firms in the financial services, insurance, healthcare, and technology sectors, including United Healthcare, BNY Mellon, and Bank of Ireland. Supply Wisdom values diversity with a global workforce that is currently 57% female.

Contact Supply Wisdom today for a quick demo so you can see how our actionable approach can achieve great results for your company.

For more information, visit our website and follow us on LinkedIn.


Pete Curtis

Head of Marketing

Supply Wisdom

🏆 TPRA's 2022 TPRM Service Provider Innovator Award Winner

  • Third Party Risk Management and Onboarding

  • End-to-End Workflow Management

  • Configurable Risk Model / Risk Segmentation

  • Nth Party Relationship Management

  • Third Party Risk Screening & Monitoring (Sanctions, Watchlists, PEPs, Adverse Media)

  • Programmatic Due Diligence

  • Diligence Ordering

  • Escalation to Enhanced Due Diligence and Investigations

  • Additional Features for Specific Sectors:  MedTech, Energy, Manufacturing, Private Equity

  • Configurable to Client Needs

aravo logo, red background with white text

TDI is a strategic advisory and risk intelligence firm that helps multinational organizations more effectively manage commercial, regulatory, and reputational risk. We deliver a decisive information advantage to our clients through advisory services, due diligence and investigations, and our flagship product, TDI Diligence Suite, which dramatically increases efficiency and provides clients with critical insights.

TDI Diligence Suite is an enterprise, third-party onboarding and management SaaS system that is specifically designed to help you manage third-party risk. Our platform empowers businesses to unlock accuracy and efficiency with automated third-party onboarding, assessments, due diligence, approvals, and monitoring. TDIDiligence Suite also creates an auditable record of the entire process, provides valuable and easy-to-understand insight into your enterprise risk, and addresses data privacy requirements to provide a clear picture of your entire risk management process.


Tiffany King, J.D.
Senior Director

Watch Video

  • AI

  • Third Party Risk Assessments

  • Continuous Monitoring

  • Security Artifact Collection

  • TPRM Auditing

  • Third Party Data

  • Risk Management

  • Risk Alerts

  • Vendor Recommendations

  • Lifecycle Management

aravo logo, red background with white text

VISO TRUST is the Next Generation SaaS Third Party Cyber Risk Management Platform that uses human-in-the-loop AI and end-to-end automation to continuously assess the risk posed by current and prospective third party relationships with unprecedented precision, speed and scalability.

Powered by unique patented AI technology called Artifact Intelligence, VISO TRUST streamlines and simplifies TPRM workflows by engaging third parties automatically and collecting artifacts of the security program that already exist.

Artifact Intelligence supports over 25 frameworks and comprehensively determines risk across cybersecurity, privacy, resilience, AI trust, cyber insurance, and product security dimensions. The platform draws third party data from a diverse set of public and private sources and eliminates vendor chasing, and questionnaire-oriented administration, collection, and analysis. Instead, VISO TRUST collects, identifies, and classifies third party program artifacts automatically and then extracts and evaluates controls to determine their level of assurance.

  • Onboarding, Ongoing Management, Offboarding

  • Outsourced Due Diligence

  • Risk Assessments

  • Questionnaires

  • Contract Management

  • Oversight Management & Automation

  • Cross-Domain Continuous Monitoring

  • SLA Management

  • Issue Management

  • Reports & Dashboards

aravo logo, red background with white text

Venminder offers a world-class SaaS platform that guides and streamlines third-party risk management. Today, more than 1,200 customers globally use Venminder to manage the entire end-to-end vendor lifecycle, from onboarding new vendors to ongoing management to offboarding vendors.

Venminder has mastered the art of combining technology with the human experience. This expertise empowers their platform to enable customers to manage vendors, contracts, due diligence tasks, questionnaires, risk assessments, and monitoring. Completed assessments on vendor controls can be ordered through their Vendiligence™ service to reduce due diligence review workloads and include thorough assessments of a vendor’s information security, SOC reports, contracts, financials, business continuity/disaster recovery, and more.

For continuous vendor monitoring, Venmonitor™ provides intelligence for better risk-based decisions. It brings the industry’s best risk intelligence data into one central location, allowing you to screen vendor or supplier performance across multiple risk domains, including cybersecurity, ESG, privacy, Know Your Vendor, business health and credit risk, and adverse media.

For more information, visit or follow Venminder on LinkedIn, Twitter and Facebook.


Jim Ciortan

Chief Sales Officer

Watch Video

  1. Total Third-Party Risk Management 

  2. Fast, Efficient Vendor Assessments 

  3. Automated Questionnaire Reponse 

  4. Security Exchange for On-Demand Assessments 

  5. AI-Powered Workflows 

  6. TPRM Lifecycle: Intake, Calculate Risk, Assess, Monitor 

  7. Trust Center: Manage, Publish, and Share Security Compliance Info 

  8. Access to 40+ Questionnaires and Frameworks 

  9. SOC 2 Summarization 

  10. Salesforce and Slack Integrations

aravo logo, red background with white text

The Whistic platform gives InfoSec teams the power to run world-class third-party risk management and customer trust programs with a single, unified experience that streamlines both sides of the vendor risk assessment process. 

Enable Your Custom TPRM Program 

Easily manage all aspects of your third-party risk program and significantly reduce your company’s potential for a costly data breach. Meet your regulatory compliance and audit requirements in a simple, automated process. 

Manage and Share Your Trust Center 

Substantially reduce inbound questionnaire response requests: manage all of your security and compliance information from one place, making it fast and easy to search, publish, share, and confidently meet a customer’s assessment requirements. 

Connect with Thousands of Companies 

Access the industry’s most robust network of vendors and their customers: securely exchange security and compliance information and conduct on-demand assessments. 

Leverage Integrated AI and Automation 

Let Whisitc AI do the heavy lifting throughout your TPRM processes: summarize, organize, and analyze data, generate content, and automate manual tasks so you can focus on other things. 

Learn more at

Free Trial For All TPRA Members

Whistic is offering TPRA members a free trial of their platform. Benefits include:

  • Access Whistic’s Trust Catalog and streamline assessments with on-demand, secure access to thousands of robust profiles featuring completed questionnaires and supporting documentation, including SIG’s, CAIQ’s, ISO 27001, SOC 2 and more

  • Utilize Whistic Assess to automate end-to-end third-party risk management processes and perform assessments.

  • Create your own Trust Center to manage and share your security documentation to close deals faster and eliminate questionnaires.

If you are interested in taking advantage of this offer, contact us at


Josh Mordecai

Growth Specialist

bottom of page