What department typically owns the Third Party due diligence/assessment process?

Third Party Risk Management (TPRM)

Procurement13%

Operational Risk44%

Audit21%

Vendor Risk Management 10%

Cybersecurity10%

Legal2%

91 PARTICIPANTS

1.3k views

Content you might like

For European companies with DORA requirements – DORA expects to have in place exit strategies for critical IT providers, and internal IT providers. How are you handling exit strategies for internal IT providers (especially when they're set up as separate legal entities within your group)? More importantly, has anyone actually conducted the required exit strategy tests for internal providers, and if so, how did you approach it?

Certificates of Insurance (COI): Collecting from Suppliers for Risk Mitigation • Does your company collect COIs annually from your suppliers? • What criteria do you use to determine from which suppliers to collect COIs annually? Are there industry benchmarks for this?

Read More Comments

Has Log4j led your organization to revise how it does third-party risk assessment?

Yes, significantly.28%

Yes, partly.55%

No14%

Other (comment below!)1%

View Results

How are you managing Section 232 derivative data collection besides Microsoft Excel? Any tools out there to help expedite the process?