Vendor-Provided Resources
Here you can find links to resources supplied by TPRA Vendor Members (TPRM Service Providers). Some of these resources require you to input information to obtain the document.
Note: TPRA does not support one particular service provider over another, nor do we benefit from providing you the links below. Read and implement at your own risk.
If you are a TPRA Vendor Member and have a resource or link you would like to see added to this page, please submit through our Vendor Submissions form, or send it to Meghan Schrader at meghan.schrader@tprassociation.org for review.
Venminder
What to Do If Your Vendor Has a Negative SOC Report
September 11, 2025
Even for seasoned professionals, reviewing a vendor’s SOC report can be a daunting task. It’s great if there are no red flags, but what do you do if the SOC report is filled with issues that the auditor found? Your organization must determine how to proceed with the vendor, whether that’s addressing the issues or passing on the vendor relationship. This infographic covers the key next steps after an unfavorable SOC report.
Download the infographic to learn:
Next steps after an unfavorable vendor SOC report
Examples of responses to your vendor
Reminders to ensure your review of a vendor’s SOC report is effective
Venminder
The Third-Party Risk Management Lifecycle
September 11, 2025
Regardless of your industry, the third-party risk management lifecycle is a practical, risk-based framework to identify and mitigate issues that come from third-party relationships while also explaining ongoing and offboarding activities. Use this lifecycle to optimize your third-party risk management program resources, achieve regulatory compliance, and protect your organization and its customers from vendor risk.
Download the full lifecycle toolkit that includes:
eBook: A comprehensive guide covering the third-party risk management lifecycle stages
Infographic: A more concise version of the stages of the third-party risk management lifecycle
PowerPoint Template: A customizable template to help train your team about key aspects of third-party risk
Printable 1-Page PDF: An easy-to-print overview of the third-party risk management lifecycle
Venminder
6 Third-Party Risk Management Reports to Maintain
September 11, 2025
Third-party risk management reports should be consistent, accurate, and easily accessible. Stakeholders, such as risk committees, senior leadership, and the board of directors, need high-quality reports that will support their decision-making. Use this infographic as a guideline for important data to collect and continuously update.
Download the infographic to learn:
6 types of third-party risk management reports to develop and maintain
Data to include in the reports
The purpose of each report and how to get started
Pro tips to be aware of
Venminder
Vendor Due Diligence
September 11, 2025
What are the vendor due diligence items you need to consider when reviewing your third parties? There are many due diligence related documents and information to gather. Use this handy checklist when thinking through the vendor due diligence you should be collecting and assessing.
Download this checklist for:
What items you should consider gathering
Keep track and check off each item as you complete your process
Have confidence that thorough vendor due diligence is being performed
Venminder
How-to Guide: Creating a Vendor Risk Questionnaire
September 11, 2025
Understanding the risk, whether for a new or existing third-party product or service, often starts with a questionnaire. Creating a questionnaire in and of itself can be quite a large task. A questionnaire shouldn’t be confused with a risk assessment as they’re two distinct items. Download the guide to learn our recommended steps for how to create a vendor risk questionnaire.
Download the eBook to learn:
Steps to creating your vendor questionnaire
Tailoring questionnaires to the type of vendor
Risk categories to consider
How vendor questionnaires lead to proper oversight
Venminder
Building an Effective Vendor Management Program
September 11, 2025
Financial, operational, and reputational risk are all fundamental negative exposure pain points you must be aware of and protect against. The number of data breaches reported lately is a reminder that the importance of third-party oversight has never been greater. In this infographic, learn the 9 steps to developing an effective vendor management program by placing emphasis on highlighting and mitigating risk.
Download this infographic to learn:
9 steps to developing an effective vendor risk management program
The importance of analyzing vendor due diligence documents
How your contract management program can impact your ability to truly manage a third party
Venminder
The Differences Between Vendor Assessments, Questionnaires, Due Diligence, and Continuous Monitoring
September 11, 2025
It’s not uncommon for vendor risk assessment terms to get mixed up or seem like the same thing. However, while all are important, there are differences to be aware of between questionnaires, risk assessments, due diligence, and continuous monitoring. These four activities will tell you the type and amount of risk associated with the vendor, the effectiveness of the vendor’s control environment, and whether the risk is changing.
Download the infographic to learn:
The differences between inherent risk assessments, vendor risk questionnaires, due diligence, and vendor risk assessments
The what, why, and when of each
Ongoing activities such as continuous monitoring, risk re-assessments, and due diligence reviews
Tips to remember
Venminder
Separating Vendor Criticality From Risk Ratings
September 11, 2025
When managing vendor risk, there's often confusion surrounding critical and high risk. Many mistakenly consider these terms synonymous, but they're not.
There's an important difference between these terms and how they should be applied. This infographic outlines how to separate criticality from various risk ratings.
Download the infographic to learn:
Criticality vs risk ratings
What a risk rating is
How to manage critical and high-risk vendors
Venminder
How to Engage, Educate, and Enable Your Vendor Managers
September 11, 2025
Successful vendor risk management requires more than a policy, software and a framework. It requires the teamwork of stakeholders across the organization, and vendor managers play a crucial role. Still, vendor risk management teams report that getting the vendor managers’ full engagement and participation is a constant struggle. Why is this predicament so common? How can resistance from the line of business be addressed?
To help vendor risk management teams build and maintain effective and mutually beneficial relationships with their line of business vendor managers, it’s important to understand the “3 E’s” - Engagement, Education and Enablement. Establishing or improving these relationships is often a necessary first step in effectively executing vendor risk management across the organization.
OneTrust
Third-party risk: A growing spiderweb
September 11, 2025
The number of businesses in the world has increased drastically in recent years, and the need for third-party suppliers has grown with it. With additional external dependencies in the form of third parties and vendors comes a widened risk landscape. Left unmonitored, threats and security incidents can become pervasive and cripple your business.
In this infographic, you’ll learn:
How many surveyed companies have expanded their third-party network
The percentage of businesses that have experienced significant disruptions caused by third parties
The number of organizations that have given more access to external partners