Standard Trust Portal Guidance for Third Party Risk Management (TPRM)
The Third Party Risk Association (TPRA), in partnership with leading third party risk management service providers, is pleased to provide TPRM professionals with the Standard Trust Portal Guidance for Third Party Risk Management (TPRM).
Definition
A Trust Portal is a centralized hub that provides transparent, self-service access to security, compliance, privacy, and governance information pertaining to the (third party) organization. It enables prospects and customers to review security posture instantly, allowing TPRM practitioners to more easily and quickly evaluate the effectiveness of a third party's control environment.
About the Guidance
The Trust Portal Guidance establishes a standardized, industry-aligned approach to due diligence, reducing assessment effort through the creation and ongoing maintenance of transparent, evidence-based trust portals. The guidance aims to empower practitioners, vendors, regulators, and platform providers to align around a single, trusted model that reflects industry expectations and best practices for transparency, efficiency, and responsible evidence sharing. It also supports AI-driven TPRM technologies by standardizing evidence formats for automated review and analysis.
How to Use it
The Standard Trust Portal Guidance is intended to be shared by practitioners with their third parties and supply chain vendors as a practical resource to support the development, enhancement, and consistent operation of trust portals. This in-turn helps to standardize how security, risk, and compliance information is communicated to practitioners and TPRM service providers. By encouraging third parties to align with this guidance, practitioners can reduce friction in due diligence, improve transparency, and accelerate access to reliable information. Broad adoption across the industry will create a more consistent and scalable model for information sharing, ultimately making third party risk management more efficient for everyone involved.
Benefits of a Trust Portal
PRACTITIONERS
Reduces questionnaire fatigue, improves review quality, and saves time through standardized, AI-friendly evidence formats.
VENDORS/THIRD PARTIES
Demonstrates maturity and transparency; less time answering one-off questionnaires.
REGULATORS
Encourages uniformity and accountability in demonstrating control effectiveness.
SERVICE PROVIDERS
Provides a shared framework to enable AI and automation in TPRM workflows.
Download Now →
This resource is in DRAFT and is currently open for comment. The comment period is from Monday, May 4th, to the end of business day on Friday, July 3rd. Once all comments are reviewed and edits are made to the document, a final version of the guidance will be released to the public.
Please use the form linked below to submit comments.
Trust Center Pillars
TRANSPARENCY
Open, accessible trust data for responsible risk decisions.
EFFICIENCY
Automated, reusable evidence.
TRUST
Verified information driving stronger partnerships.
INNOVATION
Enabling AI-ready, proactive due diligence.
Acknowledgements & Contributors
Thank you to the following organizations, which contributed perspectives and subject matter expertise to help shape this guidance (displayed in alphabetical order):
