TPRM Service Provider Profiles

What are TPRM Service Provider Profiles?

TPRM Service Provider Profiles are specific to TPRA Vendor Members and provide organizations with descriptive and concise snapshots of individual service provider capabilities and information. These profiles assist with understanding and evaluating service provider capabilities to make product/service decisions and aid in fostering communication and connection between organizations. 

Top 10 product
functionality categories

  1. Onboarding and Transactional Enablement

  2. Risk Assessment

  3. Risk Review & Scoring

  4. Continuous Monitoring

  5. Issues and Corrective Actions

  6. Engagement-level Risk Assessment

  7. Performance Management

  8. Pro-active incident monitoring and management 

  9. Enhanced due diligence for Environmental Social Governance (ESG), infosec, data privacy, financial services risk, and anti-bribery/corruption

  10. AI/ML for automation, decision support, and prediction

Aravo Logo RGB.png

Aravo delivers the market’s smartest third-party risk and performance management solutions, powered by intelligent automation.

With Aravo, customers can work smarter, move faster, see clearer, and make better decisions about their extended enterprise – all in one place.


For more than 20 years now, Aravo’s combination of award-winning technology and unrivaled domain expertise has helped the world’s most respected brands accelerate and optimize their third-party management programs, delivering better business outcomes faster and ensuring the agility to adapt as programs evolve.


Aravo is trusted by the world’s leading brands, helping them manage the risk and improve the performance of more than 5 million third parties, suppliers and vendors across the globe.

Contact Information

Daniel Gibson

Vice President

Top 10 product
functionality categories

  1. Third party cyber risk management from 3 dimensions: Technical, financial and compliance

  2. Continuous cyber risk monitoring

  3. Technical cyber risk rating

  4. Risk quantification modeling using Open FAIR™

  5. Cyber compliance against industry standards

  6. Ransomware Susceptibility Index™ (RSI™) 

  7. Vulnerability and asset prioritization

  8. Step-by-step issue resolution reporting

  9. Industry trend reporting

  10. Data breach tracking and reporting

Black Kite Logo - Horizontal for Light BG.png

One in four organizations suffered from a cyber attack in the last year, resulting in production, reputation and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. At Black Kite, we’re redefining vendor risk management with the world’s first global third-party cyber risk monitoring platform, built from a hacker’s perspective. 

With 300+ customers across the globe and counting, we’re committed to improving the health and safety of the entire planet’s cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence. While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain’s cybersecurity posture from three critical dimensions: technical, financial and compliance.

Contact Information

Katherine Desy

Channel Marketing Manager

Top 10 product
functionality categories

  1. Vendor risk assessment exchange

  2. Tech-enabled managed services

  3. Rapid validated assessments

  4. Dashboard & BI reporting

  5. Full vendor portfolio coverage

  6. Workflow automation

  7. Remediation services

  8. Product and environment-specific assessments

  9. Integration with leading VRM technology providers

  10. Healthcare vendor risk management


CORL is a leading provider of tech-enabled managed services for vendor risk management and compliance for healthcare organizations. CORL gets results by scaling organizational and vendor risk management programs through our healthcare vendor clearinghouse, dashboard reporting that business owners can understand, and proven workflows that drive the organization to measurable risk reduction.


We have assessed over 80,000 healthcare vendors and validated their security posture. Our vendor risk clearinghouse platform allows the rapid sharing and reuse of assessment results across healthcare organizations. Our tech-enabled managed service completes your vendor risk assessments, validates assessment responses, and follows through with vendors until they remediate known critical gaps.


CORL’s unique combination of data, automation, workflow, process, and technology expedites the vendor risk assessment process and delivers what the business needs most: Speed.

Contact Information

Jay Stewart

Vice President of Sales

Top 10 product
functionality categories

  1. Third-party risk assessment

  2. Economic impact analysis

  3. Benchmarking risk levels with industry peers

  4. Proactively mitigate third-party cyber risk

  5. Continues monitoring with real-time alerts and recommendation

  6. Third-party cyber risk quadrant

  7. Third-party risk catastrophe scenario analysis

  8. Cyber insurance for third parties

Cyberwrite logo -png- 2000-413px[80].jpg

Founded in 2017 by industry veterans, Cyberwrite is a leader in Third-Party Cyber Risk Management. By using Cyberwrite, organizations are enabled to understand the economic impact a third-party breach may have on their business based on real-time data, advanced predictive models, and best-of-breed cyber intelligence and data-gathering technology.

Cyberwrite enables the proactive risk mitigation of the entire third-party ecosystem to reduce the chance of a breach and help organizations become more compliant. Cyberwrite is a Gartner Cool Vendor, Frost & Sullivan Best Practices Award Winner, Citi Bank Accelerator Graduate, and serves organizations of all sizes, including leading Fortune 500 companies.

Contact Information

Ami Sterling
VP of Marketing

Top 10 product
functionality categories

  1. Cybersecurity Self-Assessment

  2. Third Party Risk Management

  3.  Insurance Underwriting

  4. Summary reports for C-Suite and board level visibility

  5. Score improvement scenarios

  6. Benchmark security performance of third-party relationships

  7. Custom dashboard monitoring critical data driving your cyber risk score 

  8. Unlimited access to vendor scores

  9. Historical security data trends

  10. Patented Supervised Machine Learning model trained to identify and use signal sources with high predictive value


The ISS Cyber Risk Score provides an empirical, proactive indicator of cyber security risk that allows organizations to better understand their own cyber resilience as well as the security posture of their vendors. Advanced machine learning based analytics, distill raw cyber intelligence into a concise actionable metric for vendor management. ISS Cyber Risk Score for Enterprise allows organizations to view their cyber risk management programs through a single lens that presents their own information as well as information regarding their vendors.

Contact Information

Top 10 product
functionality categories

  1. Risk Assessments and Mitigation

  2. Vendor Evaluation and Automated Onboarding

  3. Risk Analytics and Control Gaps Report on Thousands of Vendors

  4. Ongoing Monitoring and Risk Alerts

  5. Auto Inherent Risk Insights to Prioritize Vendors

  6. Built-in Cyber Risk & ESG Ratings

  7. Vendor Scorecards and Comparison

  8. Audit-Ready Reporting and Dashboards

  9. Automated Workflows to Increase Collaboration


OneTrust Vendorpedia™ is the largest and most widely-used technology platform to operationalize third-party risk. The offering enables both enterprises and their vendors with technology solutions that include: the Third-Party Risk Exchange, a community of shared (and pre-completed) vendor risk assessments with 70,000+ participating vendors; Questionnaire Response Automation, a tool that helps organizations answer incoming security questionnaires; and Third-Party Risk Management software, a platform to streamline the entire vendor lifecycle, from onboarding to offboarding.


More than 8,000 customers of all sizes use OneTrust, which is powered by 150 awarded patents, to offer the most depth and breadth of any third-party risk, security, and privacy solution in the market. OneTrust Vendorpedia offers purpose-built software designed to help organizations manage vendor relationships with confidence, including and integrates seamlessly with the entire OneTrust platform, including – OneTrust Privacy Management Software, OneTrust DataDiscovery™, OneTrust DataGovernance™, OneTrust GRC, OneTrust Ethics, OneTrust PreferenceChoice™, OneTrust ESG, and OneTrust DataGuidance™.

Contact Information

Jaymin Desai

Head of Third-Party Risk

Want to learn more? Watch this video!

Top 10 product
functionality categories

  1. Risk assessment

  2. Risk Review & Scoring

  3. Continous Monitoring

  4. Third-Party Risk Management

  5. Supply Chain Risk Management

  6. Enterprise Risk Management

  7. Unique Custom Risk Prioritization

  8. Efficiently Streamlined Risk Management Program

  9. Risk Performance Insight

  10. Manage Critical Vulnerabilities


RiskRecon, a Mastercard company, is the only continuous vendor monitoring solution delivering risk-prioritized action plans customized to match your risk priorities, providing the easiest path to understanding and acting on third-party cyber risk. With RiskRecon, you can build a scalable, third-party risk management program and realize dramatically better outcomes. Learn more about RiskRecon and request a demo at

Contact Information

Jonathan Ehret

VP of Strategy & Risk

Top 10 product
functionality categories

  1. Vendor Onboarding 

  2. Sourcing RFx 

  3. Inherent Risk Scoring & Vendor Classification

  4. Vendor Due Diligence & Ongoing Monitoring

  5. Vendor Risk Assessments 

  6. SLAs & Vendor Performance Management 

  7. Vendor Contract Management 

  8. Vendor Issue Management 

  9. On-Site Vendor Control Assessments 

  10. Cyber Ratings, Financial Health Scores & ESG Ratings


ProcessUnity Vendor Risk Management protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination.  Through automation and standardization, ProcessUnity customers reduce busy work, streamline regulatory reporting and improve overall visibility into vendor performance.


ProcessUnity is used by the world’s leading financial service firms and commercial enterprises.  The company is headquartered outside Boston, Massachusetts. For more information, visit

Contact Information

Sophia Corsetti, Marketing Communications Specialist


Top 10 product
functionality categories

  1. Security Ratings

  2. Security Data

  3. Professional Services

  4. Third Party Risk

  5. Executive Level reporting

  6. Cyber Insurance 

  7. Due Diligence

  8. Compliance 

  9. Cybersecurity Questionnaires

  10. Security Data for Cybersecurity Service Providers


SecurityScorecard is the global leader in cybersecurity ratings and the only service with over two million companies continuously rated. SecurityScorecard’s patented rating technology is used by over 1,000 organizations for self-monitoring, third-party risk management, board reporting, and cyber insurance underwriting; making all organizations more resilient by allowing them to easily find and fix cybersecurity risks across their externally facing digital footprint. 

SecurityScorecard is the only provider of instant risk ratings that automatically map to vendor cybersecurity questionnaire responses - providing a true 360-degree view of risk.

Contact Information

Michael Boyd

Senior Vice President

Customer Success

If you are a TPRA Vendor Member and are interested in having your Vendor Service Provider Profile featured, contact us using the form below. 

Contact Us