TPRM Service Provider Profiles
What are TPRM Service Provider Profiles?
TPRM Service Provider Profiles are specific to TPRA Vendor Members and provide organizations with descriptive and concise snapshots of individual service provider capabilities and information. These profiles assist with understanding and evaluating service provider capabilities to make product/service decisions and aid in fostering communication and connection between organizations.
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Onboarding and Transactional Enablement
Enhanced Due Diligence
Intake & Scope
Engagement-level Risk Assessment
Risk Management Lifecycle
Termination & Off-boarding
Continuous Monitoring & Management
Contract Management
Supplier Performance Management
Issue Management and Remediation
Aravo strives to make the enterprise more responsible, sustainable and ultimately more profitable. Our customers work with us to mitigate risk across their extended enterprise leveraging Aravo’s industry leading TPRM platform, portfolio of 30+ risk applications, and best practice frameworks. Enterprise teams responsible for ensuring suppliers, vendors, partners, and other third parties meet risk and regulatory requirements have Aravo as a trusted technology and business partner who understands their needs for risk visibility, management and mitigation.
Aravo’s solutions incorporate over 22 years of working experience with global brands, over 10 verticals to deliver program expertise, unified visibility and operational agility for our customers’ TPRM initiatives. Our team works to help manage risk and promote integrity for our customers so they can:
Avoid financial and brand liability
Focus on growing revenue
Save money through process and resource efficiencies
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Cyber Risk Intelligence
Third Party/Supply Chain Risk Management
Continuous Monitoring
Financial Risk Quantification
Ransomware Risk Assessment
Automated Compliance Mapping
Vendor Risk Mitigation (with Prioritization)
Vulnerability Assessment
Threat Intelligence
Standards-Based Methodology
Black Kite gives companies a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners and suppliers in an ever changing digital landscape.
Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating. Black Kite serves more than 1,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.
Learn more at www.blackkite.com or on the Black Kite blog.
CONTACT INFORMATION
Johnathan Bald
VP of of Sales, North America
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
AI Workflow Automation
AI Vendor Outreach
AI Risk Assessment Reviews
AI Document Reviews
False Positive Alert Filtering
Enhanced Vendor Due Diligence
Real-time Continuous Monitoring
SLA Monitoring & Reporting
Issue Management
Reports & Dashboards
Coverbase is your mission control for automating and managing third-party risk management workflows.
TPRM teams are constantly under water because of highly manual and time-consuming processes that don't accurately assess a company's risk exposure due to vendors. We help TPRM teams automate workflows so they can stay ahead of problems instead of spending all their time keeping up with risk assessments and vendor reviews.
Using Coverbase is akin to having an AI analyst on your TPRM team that automatically processes and keeps a constant eye on these data sources to help your team direct your time more effectively:
Unstructured documents obtained directly from vendors: SOC 2, penetration test reports, security audit results, API documents
Industry-leading third-party data sources: AlCybersecurity, Privacy, ESG, Financial, Adverse Media, and Know Your Business data
Anonymized risk assessment issues, findings, and reports from the broader Coverbase network of vendors
Coverbase allows TPRM leaders to build customized reassessment triggers based on time or risk conditions, and your AI team member automatically emails vendors to initiate the assessment, does a first-pass on submissions, then submits a risk report to you once ready.
Want to supercharge your TPRM function? Contact us to try Coverbase out.
(Coverbase connects to your existing TPRM solutions and does not require a full replacement of platforms you already have in place.)
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Third Party & Supply Chain Risk Management and Monitoring, with risk coverage across:
Cyber
Environmental, Social, Governance (ESG)
Reputational, Criminal, Regulatory
Modern Slavery
Operational Risk
Foreign Ownership, Control and Influence
Financial Health
Sanctions/Watchlist Screening
Corporate Ownership Unwrapping
Automated Due Diligence and Monitoring
Full Spectrum Due Diligence
Supply Chain Illumination & Risk Assessment
Risk Management Advisory
Exiger is revolutionizing the way corporations, government agencies and banks manage risk through its combination of technology-enabled and SaaS solutions. In recognition of the growing volume and complexity of data and regulation, Exiger is committed to creating a more sustainable risk and compliance environment through its holistic and innovative approach to problem solving. Exiger’s mission to make the world a safer place to do business drives its award-winning AI technology platform built to anticipate the market’s most pressing needs related to evolving ESG, cyber, regulatory/sanctions, third-party and supply chain risk.
Exiger is the leading global SaaS risk management company delivering machine learning and data analytics capabilities to solve end-to-end third party, supply chain, and market intelligence challenges. Exiger’s innovative solution provides automated third party criticality assessments, due diligence, workflow tasks and entity specific risk events that aggregate into a portfolio risk exposure for a full risk view of an entity.
Exiger has been consistently recognized as a leader in the TPRM, SCRM and Risk Management Software markets, winning over 30 AI, RegTech and Supply Chain partner awards. Learn more at Exiger.com and Follow Exiger on LinkedIn.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Topic-based working groups to collaborate with industry experts
Cross-sector chatrooms for real-time collaboration and information sharing
Information sharing portal All source and multi-sector alerts and reports
Resilience focused analysis
Event-driven Situational Awareness Dashboard
Multi-sector Situational Awareness Reports
Threat and resilience discussions and presentations
Event-driven emergency member meetings
Peer-to-peer collaboration and information exchange across the Global Resilience Federation ISAC/ISAO network
Participation in exercises and development of the Operational Resilience Framework, security standards, and playbooks
GRF builds, develops and connects security information sharing communities for mutual defense. GRF, with nearly 20 years of experience, is a nonprofit provider and hub for cyber, supply chain, physical and geopolitical threat intelligence exchange between information sharing and analysis centers (ISACs), organizations (ISAOs) and computer emergency readiness/response teams (CERTs) from many different sectors and regions around the world. GRF will help your industry develop or enhance a trusted sharing community, obtain actionable intelligence, and support you in emergencies. That’s the power of Global Resilience Federation.
Global Resilience Federation is the evolution of 1998's U.S. Presidential Decision Directive 63 and 2003's Homeland Security Presidential Directive 7 which mandated that the public and private sectors share information about cyber and physical security threats and vulnerabilities to help protect critical infrastructure. GRF was launched in 2017 as a standalone company, from a former Financial Services Information Sharing and Analysis Center (FS-ISAC) division, to coordinate multi-industry sharing and stand-up new sharing communities to be incorporated into that voluntary sharing architecture.
That effort has expanded beyond the United States and critical infrastructure to encompass global organizations, essential industries, and supply chains. GRF members span five continents, working to protect industries deemed critical by most world governments, and others that are essential to the global economy.
As industry and threat actors both adapt, cross-sector sharing is a necessary progression in the security of our modern digital economy.
Business Resilience Council (BRC) | Discount for TPRA Members
The Business Resilience Council (BRC) is a nonprofit, multi-sector, collaborative defense community where members share actionable intelligence, security and resilience best practices and analyst-curated information to help reduce risk and negative impacts across all hazards – cyber, physical, geopolitical, terrorism, major weather events and more. Key working groups focus on operational resilience, disaster recovery, supply chain and third party risk, AI security, and cross-sector exercises.
TPRA Members are eligible to receive 10% off the first year of dues to the BRC. Information was sent via email. If interested, please email us at info@tprassociation.org.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Automatic third-party assessment.
Automatic third-party artifact gap analysis.
Actionable risk findings.
Always up-to-date third-party inventory.
One-click reporting.
Third-party threat intelligence feed.
Comparing third-party promises to actual behaviour.
Continuous third-party risk assessment & monitoring.
Fourth-party mapping.
Automated compliance mapping.
Lema enables TPRM teams to proactively mitigate third-party risk, with no manual work required. Manual TPRM processes cost you thousands of wasted hours and can create a false sense of security - leaving you exposed.
With Lema, skip the manual labor to achieve better and faster risk mitigation:
Generate a third-party inventory in < 1 week.
Assess a third-party in < 5 minutes.
Discover actionable findings that humans could easily miss.
Instantly detect increases in inherent risk.
Maintain 100% up-to-date assessment coverage.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Enterprise risk management
Third-party vendor management
Regulatory compliance management and change management
Lending compliance, including fair lending analytics
Automated findings management
Business continuity planning & testing
Audit & compliance reviews management
Virtual employee engagement
Risk performance management
Vendor cybersecurity monitoring
Ncontracts’ powerful suite combines risk, compliance, vendor, and findings management solutions to drive efficiency and build a risk management culture resulting in smarter, faster decisions.
Ncontracts provides solutions to a rapidly expanding customer base of over 4,000 financial institutions in the United States. We help financial institutions achieve their compliance and risk management goals with a powerful combination of user-friendly cloud-based software and expert services. The company was named to the Inc. 5000 fastest-growing private companies in America for the fourth consecutive year. For more information, visit www.ncontracts.com or follow the company on LinkedIn and Twitter.
CONTACT INFORMATION
Rashida Holmes
SVP, Partnerships & Outreach
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Risk Assessments and Mitigation
Vendor Evaluation and Automated Onboarding
Risk Analytics and Control Gaps Report on Thousands of Vendors
Ongoing Monitoring and Risk Alerts
Auto Inherent Risk Insights to Prioritize Vendors
Built-in Cyber Risk & ESG Ratings
Vendor Scorecards and Comparison
Audit-Ready Reporting and Dashboards
Automated Workflows to Increase Collaboration
OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. More than 14,000 customers use OneTrust’s technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia.
Learn more at OneTrust.com.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Vendor Onboarding
Sourcing RFx
Inherent Risk Scoring & Vendor Classification
Vendor Due Diligence & Ongoing Monitoring
Vendor Risk Assessments
SLAs & Vendor Performance Management
Vendor Contract Management
Vendor Issue Management
On-Site Vendor Control Assessments
Cyber Ratings, Financial Health Scores & ESG Ratings
ProcessUnity Third-Party Risk Management protects companies and their brands by reducing risk from third parties, vendors and suppliers. TPRM expands the scope of risk management to encompass any external party that could pose a risk to an organization, including vendors, contractors, partners and suppliers.
With a single, configurable platform, ProcessUnity helps organizations manage the increasing complexity of supply chains and third-party relationships with tools to identify and assess the risks associated with each external party, monitor third-party performance and ensure external control effectiveness. Our software platform empowers you to proactively manage third-party risks and protect your organization from potential cyber threats and business disruptions.
ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. The company is headquartered outside Boston, Massachusetts. For more information, visit http://www.processunity.com.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Managed services for due diligence
Vendor risk assessments (onsite or remote)
Third-party risk management program audit/assessment
Third-party risk management program building
Dashboarding and analytics
Cyber resiliency
Advisory services
Regulatory guidance related to third-party relationships
Access to subject matter resources across risk topics
Specialized vendor audits
RSM’s purpose is to deliver the power of being understood to our clients, colleagues and communities through world-class audit, tax and consulting services focused on middle market businesses. The clients we serve are the engine of global commerce and economic growth, and we are focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business environment. RSM US LLP is the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with 48,000 people across 120 countries. For more information, visit rsmus.com, explore our third-party risk management services, like us on Facebook, follow us on Twitter and/or connect with us on LinkedIn.
CONTACT INFORMATION
Amy Feldman
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
In-depth financial analysis of global public and private companies
Global financial data and private company ratings sourced from over 150 countries.
Risk Assessment, TPRM, supply chain management
Predictive analytics, with a 90% accuracy rate
Financial Reports that are easily digestible, accessible, and shareable
Vetting, onboarding new suppliers, and monitoring existing suppliers
Comprehensive Reporting Suite and predictive analytics
API Integrations
Configurable program/category dashboards
73 ratios for a quantitative analysis on core health and financial resiliency
RapidRatings sets the standard for financial health transparency between business partners, transforming the way leading companies manage enterprise and financial risk. The company provides the most sophisticated analysis of the financial health of public and private companies from over 140 countries worldwide. RapidRatings primary sources private company vendor financial statements directly on behalf of our customers.
Through RapidRatings’ FHR Exchange, an innovative and secure membership platform, businesses can build more meaningful relationships and gain visibility into the financial stability of global suppliers, vendors, and other third parties.
For more info, visit: Third-Party & Vendor Risk Management │RapidRatings
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Risk assessment
Risk Review & Scoring
Continous Monitoring
Third-Party Risk Management
Supply Chain Risk Management
Enterprise Risk Management
Unique Custom Risk Prioritization
Efficiently Streamlined Risk Management Program
Risk Performance Insight
Manage Critical Vulnerabilities
RiskRecon, a Mastercard company, is the only continuous vendor monitoring solution delivering risk-prioritized action plans customized to match your risk priorities, providing the easiest path to understanding and acting on third-party cyber risk. With RiskRecon, you can build a scalable, third-party risk management program and realize dramatically better outcomes. Learn more about RiskRecon and request a demo at riskrecon.com.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Full-spectrum supplier risk intelligence with coverage for the following risk domains:
Financial Risk
Cyber Risk
SG Risk
Compliance Risk
Operations Risk
Nth Parties
Locations
Accessible as real-time and continuous full-spectrum risk monitoring for suppliers and locations, comprehensive one-time risk reports, or instant risk scans.
Supply Wisdom transforms global business with comprehensive, predictive, real-time risk intelligence. Through continuous monitoring, comprehensive intelligence reports, and real-time alerts, Supply Wisdom speeds business growth, lowers costs, increases security and compliance, and unlocks revenue opportunities. Supply Wisdom’s full-stack AI-based SaaS products turn open-source data into risk intelligence and are the market’s only software to cover all risk domains in real-time: financial, cyber, operational, ESG, compliance, Nth party, and location-based risk. Supply Wisdom clients include Fortune 100 and Global 2000 firms in the financial services, insurance, healthcare, and technology sectors, including United Healthcare, BNY Mellon, and Bank of Ireland. Supply Wisdom values diversity with a global workforce that is currently 57% female.
Contact Supply Wisdom today for a quick demo so you can see how our actionable approach can achieve great results for your company.
For more information, visit our website and follow us on LinkedIn.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Third Party Risk Management and Onboarding
End-to-End Workflow Management
Configurable Risk Model / Risk Segmentation
Nth Party Relationship Management
Third Party Risk Screening & Monitoring (Sanctions, Watchlists, PEPs, Adverse Media)
Programmatic Due Diligence
Diligence Ordering
Escalation to Enhanced Due Diligence and Investigations
Additional Features for Specific Sectors: MedTech, Energy, Manufacturing, Private Equity
Configurable to Client Needs
TDI is a strategic advisory and risk intelligence firm that helps multinational organizations more effectively manage commercial, regulatory, and reputational risk. We deliver a decisive information advantage to our clients through advisory services, due diligence and investigations, and our flagship product, TDI Diligence Suite, which dramatically increases efficiency and provides clients with critical insights.
TDI Diligence Suite is an enterprise, third-party onboarding and management SaaS system that is specifically designed to help you manage third-party risk. Our platform empowers businesses to unlock accuracy and efficiency with automated third-party onboarding, assessments, due diligence, approvals, and monitoring. TDIDiligence Suite also creates an auditable record of the entire process, provides valuable and easy-to-understand insight into your enterprise risk, and addresses data privacy requirements to provide a clear picture of your entire risk management process.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
AI
Third Party Risk Assessments
Continuous Monitoring
Security Artifact Collection
TPRM Auditing
Third Party Data
Risk Management
Risk Alerts
Vendor Recommendations
Lifecycle Management
VISO TRUST is the Next Generation SaaS Third Party Cyber Risk Management Platform that uses human-in-the-loop AI and end-to-end automation to continuously assess the risk posed by current and prospective third party relationships with unprecedented precision, speed and scalability.
Powered by unique patented AI technology called Artifact Intelligence, VISO TRUST streamlines and simplifies TPRM workflows by engaging third parties automatically and collecting artifacts of the security program that already exist.
Artifact Intelligence supports over 25 frameworks and comprehensively determines risk across cybersecurity, privacy, resilience, AI trust, cyber insurance, and product security dimensions. The platform draws third party data from a diverse set of public and private sources and eliminates vendor chasing, and questionnaire-oriented administration, collection, and analysis. Instead, VISO TRUST collects, identifies, and classifies third party program artifacts automatically and then extracts and evaluates controls to determine their level of assurance.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Onboarding, Ongoing Management, Offboarding
Outsourced Due Diligence
Risk Assessments
Questionnaires
Contract Management
Oversight Management & Automation
Cross-Domain Continuous Monitoring
SLA Management
Issue Management
Reports & Dashboards
Venminder offers a world-class SaaS platform that guides and streamlines third-party risk management. Today, more than 1,200 customers globally use Venminder to manage the entire end-to-end vendor lifecycle, from onboarding new vendors to ongoing management to offboarding vendors.
Venminder has mastered the art of combining technology with the human experience. This expertise empowers their platform to enable customers to manage vendors, contracts, due diligence tasks, questionnaires, risk assessments, and monitoring. Completed assessments on vendor controls can be ordered through their Vendiligence™ service to reduce due diligence review workloads and include thorough assessments of a vendor’s information security, SOC reports, contracts, financials, business continuity/disaster recovery, and more.
For continuous vendor monitoring, Venmonitor™ provides intelligence for better risk-based decisions. It brings the industry’s best risk intelligence data into one central location, allowing you to screen vendor or supplier performance across multiple risk domains, including cybersecurity, ESG, privacy, Know Your Vendor, business health and credit risk, and adverse media.
For more information, visit venminder.com or follow Venminder on LinkedIn, Twitter and Facebook.
CONTACT INFORMATION
TOP 10 PRODUCT FUNCTIONALITY CATEGORIES
Total Third-Party Risk Management
Fast, Efficient Vendor Assessments
Automated Questionnaire Reponse
Security Exchange for On-Demand Assessments
AI-Powered Workflows
TPRM Lifecycle: Intake, Calculate Risk, Assess, Monitor
Trust Center: Manage, Publish, and Share Security Compliance Info
Access to 40+ Questionnaires and Frameworks
SOC 2 Summarization
Salesforce and Slack Integrations
The Whistic platform gives InfoSec teams the power to run world-class third-party risk management and customer trust programs with a single, unified experience that streamlines both sides of the vendor risk assessment process.
Enable Your Custom TPRM Program
Easily manage all aspects of your third-party risk program and significantly reduce your company’s potential for a costly data breach. Meet your regulatory compliance and audit requirements in a simple, automated process.
Manage and Share Your Trust Center
Substantially reduce inbound questionnaire response requests: manage all of your security and compliance information from one place, making it fast and easy to search, publish, share, and confidently meet a customer’s assessment requirements.
Connect with Thousands of Companies
Access the industry’s most robust network of vendors and their customers: securely exchange security and compliance information and conduct on-demand assessments.
Leverage Integrated AI and Automation
Let Whisitc AI do the heavy lifting throughout your TPRM processes: summarize, organize, and analyze data, generate content, and automate manual tasks so you can focus on other things.
Learn more at www.whistic.com.
Free Trial For All TPRA Members
Whistic is offering TPRA members a free trial of their platform. Benefits include:
Access Whistic’s Trust Catalog and streamline assessments with on-demand, secure access to thousands of robust profiles featuring completed questionnaires and supporting documentation, including SIG’s, CAIQ’s, ISO 27001, SOC 2 and more
Utilize Whistic Assess to automate end-to-end third-party risk management processes and perform assessments.
Create your own Trust Center to manage and share your security documentation to close deals faster and eliminate questionnaires.
If you are interested in taking advantage of this offer, contact us at info@tprassociation.org.