Aravo strives to make the enterprise more responsible, sustainable and ultimately more profitable. Our customers work with us to mitigate risk across their extended enterprise leveraging Aravo’s industry leading TPRM platform, portfolio of 30+ risk applications, and best practice frameworks. Enterprise teams responsible for ensuring suppliers, vendors, partners, and other third parties meet risk and regulatory requirements have Aravo as a trusted technology and business partner who understands their needs for risk visibility, management and mitigation.

Aravo’s solutions incorporate over 22 years of working experience with global brands, over 10 verticals to deliver program expertise, unified visibility and operational agility for our customers’ TPRM initiatives. Our team works to help manage risk and promote integrity for our customers so they can:

• Avoid financial and brand liability

• Focus on growing revenue

• Save money through process and resource efficiencies

Black Kite gives companies a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners and suppliers in an ever changing digital landscape.

Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating.  Black Kite serves more than 1,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers.

Learn more at www.blackkite.com or on the Black Kite blog.

Coverbase is your mission control for automating and managing third-party risk management workflows.

TPRM teams are constantly under water because of highly manual and time-consuming processes that don't accurately assess a company's risk exposure due to vendors. We help TPRM teams automate workflows so they can stay ahead of problems instead of spending all their time keeping up with risk assessments and vendor reviews.

Using Coverbase is akin to having an AI analyst on your TPRM team that automatically processes and keeps a constant eye on these data sources to help your team direct your time more effectively:

• Unstructured documents obtained directly from vendors: SOC 2, penetration test reports, security audit results, API documents

• Industry-leading third-party data sources: AlCybersecurity, Privacy, ESG, Financial, Adverse Media, and Know Your Business data

• Anonymized risk assessment issues, findings, and reports from the broader Coverbase network of vendors

Coverbase allows TPRM leaders to build customized reassessment triggers based on time or risk conditions, and your AI team member automatically emails vendors to initiate the assessment, does a first-pass on submissions, then submits a risk report to you once ready.

Want to supercharge your TPRM function? Contact us to try Coverbase out.

(Coverbase connects to your existing TPRM solutions and does not require a full replacement of platforms you already have in place.)

Exiger is revolutionizing the way corporations, government agencies and banks manage risk through its combination of technology-enabled and SaaS solutions. In recognition of the growing volume and complexity of data and regulation, Exiger is committed to creating a more sustainable risk and compliance environment through its holistic and innovative approach to problem solving. Exiger’s mission to make the world a safer place to do business drives its award-winning AI technology platform built to anticipate the market’s most pressing needs related to evolving ESG, cyber, regulatory/sanctions, third-party and supply chain risk.

Exiger is the leading global SaaS risk management company delivering machine learning and data analytics capabilities to solve end-to-end third party, supply chain, and market intelligence challenges. Exiger’s innovative solution provides automated third party criticality assessments, due diligence, workflow tasks and entity specific risk events that aggregate into a portfolio risk exposure for a full risk view of an entity.

Exiger has been consistently recognized as a leader in the TPRM, SCRM and Risk Management Software markets, winning over 30 AI, RegTech and Supply Chain partner awards.  Learn more at Exiger.com and Follow Exiger on LinkedIn.

GRF builds, develops and connects security information sharing communities for mutual defense. GRF, with nearly 20 years of experience, is a nonprofit provider and hub for cyber, supply chain, physical and geopolitical threat intelligence exchange between information sharing and analysis centers (ISACs), organizations (ISAOs) and computer emergency readiness/response teams (CERTs) from many different sectors and regions around the world. GRF will help your industry develop or enhance a trusted sharing community, obtain actionable intelligence, and support you in emergencies. That’s the power of Global Resilience Federation.

Global Resilience Federation is the evolution of 1998's U.S. Presidential Decision Directive 63 and 2003's Homeland Security Presidential Directive 7 which mandated that the public and private sectors share information about cyber and physical security threats and vulnerabilities to help protect critical infrastructure. GRF was launched in 2017 as a standalone company, from a former Financial Services Information Sharing and Analysis Center (FS-ISAC) division, to coordinate multi-industry sharing and stand-up new sharing communities to be incorporated into that voluntary sharing architecture.

That effort has expanded beyond the United States and critical infrastructure to encompass global organizations, essential industries, and supply chains. GRF members span five continents, working to protect industries deemed critical by most world governments, and others that are essential to the global economy.

As industry and threat actors both adapt, cross-sector sharing is a necessary progression in the security of our modern digital economy.

Business Resilience Council (BRC) | Discount for TPRA Members

The Business Resilience Council (BRC) is a nonprofit, multi-sector, collaborative defense community where members share actionable intelligence, security and resilience best practices and analyst-curated information to help reduce risk and negative impacts across all hazards – cyber, physical, geopolitical, terrorism, major weather events and more. Key working groups focus on operational resilience, disaster recovery, supply chain and third party risk, AI security, and cross-sector exercises.

TPRA Members are eligible to receive 10% off the first year of dues to the BRC. Information was sent via email. If interested, please email us at info@tprassociation.org. 

Lema enables TPRM teams to proactively mitigate third-party risk, with no manual work required. Manual TPRM processes cost you thousands of wasted hours and can create a false sense of security - leaving you exposed. 

With Lema, skip the manual labor to achieve better and faster risk mitigation: 

• Generate a third-party inventory in < 1 week.

• Assess a third-party in < 5 minutes.

• Discover actionable findings that humans could easily miss.

• Instantly detect increases in inherent risk.

• Maintain 100% up-to-date assessment coverage.

Ncontracts’ powerful suite combines risk, compliance, vendor, and findings management solutions to drive efficiency and build a risk management culture resulting in smarter, faster decisions.

Ncontracts provides solutions to a rapidly expanding customer base of over 4,000 financial institutions in the United States. We help financial institutions achieve their compliance and risk management goals with a powerful combination of user-friendly cloud-based software and expert services. The company was named to the Inc. 5000 fastest-growing private companies in America for the fourth consecutive year. For more information, visit www.ncontracts.com or follow the company on LinkedIn and Twitter.

OneTrust is the trust intelligence cloud platform organizations use to transform trust from an abstract concept into a measurable competitive advantage. Organizations globally use OneTrust to enable the responsible use of data while protecting the privacy rights of individuals, implement and report on their cyber security program, make their social impact goals a reality, and create a speak up culture of trust. More than 14,000 customers use OneTrust’s technology, including half of the Global 2,000. OneTrust currently ranks #24 on the Forbes Cloud 100 list of top private cloud companies in the world and employs over 2,000 people in regions across North America, South America, Asia, Europe, and Australia.

Learn more at OneTrust.com.

ProcessUnity Third-Party Risk Management protects companies and their brands by reducing risk from third parties, vendors and suppliers. TPRM expands the scope of risk management to encompass any external party that could pose a risk to an organization, including vendors, contractors, partners and suppliers.

With a single, configurable platform, ProcessUnity helps organizations manage the increasing complexity of supply chains and third-party relationships with tools to identify and assess the risks associated with each external party, monitor third-party performance and ensure external control effectiveness. Our software platform empowers you to proactively manage third-party risks and protect your organization from potential cyber threats and business disruptions.

ProcessUnity is used by the world’s leading financial service firms and commercial enterprises.  The company is headquartered outside Boston, Massachusetts. For more information, visit http://www.processunity.com.

RSM’s purpose is to deliver the power of being understood to our clients, colleagues and communities through world-class audit, tax and consulting services focused on middle market businesses. The clients we serve are the engine of global commerce and economic growth, and we are focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business environment. RSM US LLP is the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with 48,000 people across 120 countries. For more information, visit rsmus.com, explore our third-party risk management services, like us on Facebook, follow us on Twitter and/or connect with us on LinkedIn.

RapidRatings sets the standard for financial health transparency between business partners, transforming the way leading companies manage enterprise and financial risk. The company provides the most sophisticated analysis of the financial health of public and private companies from over 140 countries worldwide.  RapidRatings primary sources private company vendor financial statements directly on behalf of our customers.

Through RapidRatings’ FHR Exchange, an innovative and secure membership platform, businesses can build more meaningful relationships and gain visibility into the financial stability of global suppliers, vendors, and other third parties.

For more info, visit: Third-Party & Vendor Risk Management │RapidRatings

RiskRecon, a Mastercard company, is the only continuous vendor monitoring solution delivering risk-prioritized action plans customized to match your risk priorities, providing the easiest path to understanding and acting on third-party cyber risk. With RiskRecon, you can build a scalable, third-party risk management program and realize dramatically better outcomes. Learn more about RiskRecon and request a demo at riskrecon.com.

Supply Wisdom transforms global business with comprehensive, predictive, real-time risk intelligence. Through continuous monitoring, comprehensive intelligence reports, and real-time alerts, Supply Wisdom speeds business growth, lowers costs, increases security and compliance, and unlocks revenue opportunities. Supply Wisdom’s full-stack AI-based SaaS products turn open-source data into risk intelligence and are the market’s only software to cover all risk domains in real-time: financial, cyber, operational, ESG, compliance, Nth party, and location-based risk. Supply Wisdom clients include Fortune 100 and Global 2000 firms in the financial services, insurance, healthcare, and technology sectors, including United Healthcare, BNY Mellon, and Bank of Ireland. Supply Wisdom values diversity with a global workforce that is currently 57% female.

Contact Supply Wisdom today for a quick demo so you can see how our actionable approach can achieve great results for your company.

For more information, visit our website and follow us on LinkedIn.

TDI is a strategic advisory and risk intelligence firm that helps multinational organizations more effectively manage commercial, regulatory, and reputational risk. We deliver a decisive information advantage to our clients through advisory services, due diligence and investigations, and our flagship product, TDI Diligence Suite, which dramatically increases efficiency and provides clients with critical insights.

TDI Diligence Suite is an enterprise, third-party onboarding and management SaaS system that is specifically designed to help you manage third-party risk. Our platform empowers businesses to unlock accuracy and efficiency with automated third-party onboarding, assessments, due diligence, approvals, and monitoring. TDIDiligence Suite also creates an auditable record of the entire process, provides valuable and easy-to-understand insight into your enterprise risk, and addresses data privacy requirements to provide a clear picture of your entire risk management process.

VISO TRUST is the Next Generation SaaS Third Party Cyber Risk Management Platform that uses human-in-the-loop AI and end-to-end automation to continuously assess the risk posed by current and prospective third party relationships with unprecedented precision, speed and scalability.

Powered by unique patented AI technology called Artifact Intelligence, VISO TRUST streamlines and simplifies TPRM workflows by engaging third parties automatically and collecting artifacts of the security program that already exist.

Artifact Intelligence supports over 25 frameworks and comprehensively determines risk across cybersecurity, privacy, resilience, AI trust, cyber insurance, and product security dimensions. The platform draws third party data from a diverse set of public and private sources and eliminates vendor chasing, and questionnaire-oriented administration, collection, and analysis. Instead, VISO TRUST collects, identifies, and classifies third party program artifacts automatically and then extracts and evaluates controls to determine their level of assurance.

Venminder offers a world-class SaaS platform that guides and streamlines third-party risk management. Today, more than 1,200 customers globally use Venminder to manage the entire end-to-end vendor lifecycle, from onboarding new vendors to ongoing management to offboarding vendors.

Venminder has mastered the art of combining technology with the human experience. This expertise empowers their platform to enable customers to manage vendors, contracts, due diligence tasks, questionnaires, risk assessments, and monitoring. Completed assessments on vendor controls can be ordered through their Vendiligence™ service to reduce due diligence review workloads and include thorough assessments of a vendor’s information security, SOC reports, contracts, financials, business continuity/disaster recovery, and more.

For continuous vendor monitoring, Venmonitor™ provides intelligence for better risk-based decisions. It brings the industry’s best risk intelligence data into one central location, allowing you to screen vendor or supplier performance across multiple risk domains, including cybersecurity, ESG, privacy, Know Your Vendor, business health and credit risk, and adverse media.

For more information, visit venminder.com or follow Venminder on LinkedIn, Twitter and Facebook.

The Whistic platform gives InfoSec teams the power to run world-class third-party risk management and customer trust programs with a single, unified experience that streamlines both sides of the vendor risk assessment process. 

Enable Your Custom TPRM Program 

Easily manage all aspects of your third-party risk program and significantly reduce your company’s potential for a costly data breach. Meet your regulatory compliance and audit requirements in a simple, automated process. 

Manage and Share Your Trust Center 

Substantially reduce inbound questionnaire response requests: manage all of your security and compliance information from one place, making it fast and easy to search, publish, share, and confidently meet a customer’s assessment requirements. 

Connect with Thousands of Companies 

Access the industry’s most robust network of vendors and their customers: securely exchange security and compliance information and conduct on-demand assessments. 

Leverage Integrated AI and Automation 

Let Whisitc AI do the heavy lifting throughout your TPRM processes: summarize, organize, and analyze data, generate content, and automate manual tasks so you can focus on other things. 

Learn more at www.whistic.com.

Free Trial For All TPRA Members

Whistic is offering TPRA members a free trial of their platform. Benefits include:

• Access Whistic’s Trust Catalog and streamline assessments with on-demand, secure access to thousands of robust profiles featuring completed questionnaires and supporting documentation, including SIG’s, CAIQ’s, ISO 27001, SOC 2 and more

• Utilize Whistic Assess to automate end-to-end third-party risk management processes and perform assessments.

• Create your own Trust Center to manage and share your security documentation to close deals faster and eliminate questionnaires.

If you are interested in taking advantage of this offer, contact us at info@tprassociation.org.