Vendor-Provided Resources
Here you can find links to resources supplied by TPRA Vendor Members (TPRM Service Providers). Some of these resources require you to input information to obtain the document.
Note: TPRA does not support one particular service provider over another, nor do we benefit from providing you the links below. Read and implement at your own risk.
If you are a TPRA Vendor Member and have a resource or link you would like to see added to this page, please submit through our Vendor Submissions form, or send it to Meghan Schrader at meghan.schrader@tprassociation.org for review.
Filter by Resource Type
Venminder
State of Third-Party Risk Management 2024 Whitepaper
September 11, 2025
Venminder’s State of Third-Party Risk Management 2024 whitepaper provides insight into how organizations manage third-party risk today. Results provide an in-depth look at current practices, challenges, compliance incentives, and third-party risk management benefits for organizations to benchmark their performance and processes against their peers.
For this eighth whitepaper, Venminder surveyed individuals from a wide variety of organizations and industries, including financial services, fintech, retail, food services, insurance, healthcare, information technology, and more, in a nice balance of different sizes ranging from less than $1B assets or less than 100 employees to more than $10B assets or more than 5,000 employees.
This invaluable resource is full of third-party risk industry statistics, providing information you need to be aware of to make informed decisions on topics such as:
Organizational structure
Program investment
Vendor landscape
Vendor risk assessments
Vendor due diligence questionnaires and documentation requirements
Third-party risk management metrics
Regulatory focus and exam/audit results
Third-party risk management pressures
Emerging vendor risks (such as cybersecurity, artificial intelligence, ESG, supplier diversity)
Third-party risk management challenges
Third-party risk management ROI
And much more!
Grab a copy!
Supply Wisdom
Weekly Update: Global Supply Chain Disruptions - The Tigray Conflict: A Humanitarian Crisis in Ethiopia
September 11, 2025
The Tigray conflict is one of the most prominent and long-lasting conflicts in Ethiopia. It began in November 2020 when the Ethiopian Government launched a military offensive against the Tigray People's Liberation Front (TPLF) in the Tigray region.
Exiger
Taking a Closer Look at Three Major Risks to Cotton Sourcing | Blog | Exiger
September 11, 2025
To mitigate risks associated with cotton sourcing, it’s crucial to understand the market forces at play and the restrictions that exert pressure on both suppliers and business customers. Our latest white paper takes a closer look at three of these major risks.
Exiger
Modern Slavery: Supply Chain Lessons Learned Since the UFLPA Was Enacted
September 11, 2025
Exiger recently hosted a panel discussion with trade, technology and security experts to reflect on the law’s enforcement and what lies ahead. Key insights emerged on why the law is so significant and what supply chain lessons businesses can learn today to continue to comply with the UFLPA. See the highlights below.
Venminder
Identifying Critical Vendors: 6 Fool-Proof Questions
September 11, 2025
Your critical vendors provide products or services which your organization is highly dependent on. One of the most challenging exercises in third-party risk management is how to establish standards for identifying who those critical vendors are. Learn the questions you can ask to determine if a vendor is critical or non-critical.
Download the infographic to learn:
How to determine the criticality of your vendors
Examples of critical third parties at your organization
The distinction between a critical and high-risk vendor
Venminder
7 Takeaways From the Final Interagency Third-Party Risk Management Guidance
September 11, 2025
In June, the Federal Reserve Board (the Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) released official interagency guidance on managing third-party relationships and banks of all sizes are expected to comply now. What does this mean for your third-party risk management program? This eBook covers some of the essential details and highlights new or expanded expectations.
Download the eBook to learn:
Who is covered under the new guidance
7 key takeaways from the guidance
Common questions about the guidance with answers
Venminder
State of Third-Party Risk Management 2023 | Whitepaper | Venminder
September 11, 2025
Results from Venminder’s seventh annual Third-Party Risk Management survey provides an in-depth look at current practices, challenges, compliance incentives, and third-party risk management benefits. This whitepaper is full of industry statistics from data collected on a wide variety of organizations and industries, including financial services, fintech, retail, food services, insurance, healthcare, information technology, and more in a nice balance of different sizes ranging from less than $1B assets or less than 100 employees to more than $10B assets or more than 5,000 employees. While third-party risk management is a well-established practice, it’s also a constantly evolving one. Organizations of all sizes and industries must continually adapt and change to effectively identify, assess, manage, and monitor vendor risks.
Download the whitepaper for industry stats and best practices you need to be aware of to make informed decisions on topics such as:
Organizational structure and program investment
Vendor landscape and operating models
Vendor risk assessments and vendor due diligence questionnaires and requirements
TPRM metrics, pressures, emerging risks, ROI
Outsourcing TPRM
And much more!
Venminder
Third-Party Risk Management Guidance and Regulations
September 11, 2025
Third-party risk management guidelines and regulations are no longer only issued by financial services regulatory agencies. Many other industries are seeing the value in managing risk and looking at it with more scrutiny. And, it’s always recommended to look to one another and follow current third-party risk management best practices. This eBook contains helpful information and tips to comply with some of the third-party risk management best practices.
Download the eBook to learn:
Industry regulators and guidance and regulations to be aware of
Key takeaways from each one
Tips to comply with TPRM guidance and regulations
Venminder
Third-Party Risk Management Policy Template
September 11, 2025
Writing and updating a third-party risk management policy can be a time-consuming process, and without guidance or help, it can be challenging to know where to start.
These two valuable templates can be used as the foundation to customize and align to your organization’s third-party risk management framework. Each policy contains best practices and processes to meet regulatory requirements and/or follow the third-party risk management lifecycle.
Download the templates for:
Two customizable and fillable third-party risk management policy documents
Instructions and supporting guides to assist
Best practice structure and flow
Following regulatory requirements in your third-party risk management policy
Aligning to the third-party risk management lifecycle
Venminder
How to Do a Vendor Risk Assessment
September 11, 2025
Performing a vendor risk assessment can be intimidating, but it’s a worthwhile time investment and a necessary component of a third-party risk management program. You don’t know the risk elements and level of risk associated with a vendor until you do one. Learn the tried-and-true steps to completing a vendor risk assessment by downloading this infographic.
Download the infographic to learn:
Steps to complete a vendor risk assessment
Determining inherent and residual vendor risk
Next steps after the vendor risk assessment