Peer-Driven Insights

Third Party Risk Management (TPRM)

Active Ambassadors in This Topic

Melinda Lemke

King Spalding

Services (non-Government), 1k - 5k

Wayne Banks

SAP

Finance (non-banking), 10k+

Martin Jung

Premera Blue Cross

Healthcare and Biotech, 1k - 5k

View All Community Ambassadors

Community Posts

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Read More Comments

What processes do you rely on to address risks from rogue cloud tenants that the security team doesn’t have visibility of?

Read More Comments

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

What are the main hurdles you face when verifying a CSP’s compliance and security measures after an update? How are you addressing these issues so far?

Will you continue to use Oracle now that it's being sued for violating users privacy?

Yes37%

Maybe44%

No15%

Unsure3%

View Results

Has anyone moved to a third party support for Hyperion (like Rimini Street)? If so, what pitfalls should we look out for and would you recommend it if we are 2-3 years from moving to a new solution?

What is the top cybersecurity issue your organization is facing?

Data breaches due to remote work6%

Ransomware attacks53%

Lack of a corporate security plan24%

Missing security patches8%

Failure to inform employees of threats4%

Other (please specify)2%

View Results

What are the main 10 features requested in a GRC platform?

Read More Comments

Are organizations managing IT security internally, or are they outsourcing to specialized security companies?

If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Read More Comments

What metrics are most useful for measuring 3rd party risk?

Read More Comments

How do you ask your third parties to notify you if they have had a cyber incident? Does your process work efficiently?

Read More Comments

How are you assessing the security posture of third-party APIs the business relies on? What criteria do you use currently?

Read More Comments

When it comes to pros/cons of shadow IT, does your POV on this change for GenAI apps? Are there more pros outweighing the cons in those cases, or is it just too risky to be beneficial?

Read More Comments

What tool did you adopt to support your third-party risk management practice?

Are you using a partner ecosystem management platform?

Yes (share platform name in a comment if you can)82%

No17%

What kind of roadblocks are you running into with SBOMs? Have you found ways to address those issues yet?