What department typically owns the Third Party due diligence/assessment process?

Third Party Risk Management (TPRM)

Procurement13%

Operational Risk45%

Audit20%

Vendor Risk Management 10%

Cybersecurity10%

Legal2%

84 PARTICIPANTS

1.3k views

Content you might like

For European companies with DORA requirements – DORA expects to have in place exit strategies for critical IT providers, and internal IT providers. How are you handling exit strategies for internal IT providers (especially when they're set up as separate legal entities within your group)? More importantly, has anyone actually conducted the required exit strategy tests for internal providers, and if so, how did you approach it?

Certificates of Insurance (COI): Collecting from Suppliers for Risk Mitigation • Does your company collect COIs annually from your suppliers? • What criteria do you use to determine from which suppliers to collect COIs annually? Are there industry benchmarks for this?

Read More Comments

Does your security awareness training address files shared over communications platforms like Microsoft Teams?

Yes75%

No24%

Other (comment below)1%

View Results

How are you managing Section 232 derivative data collection besides Microsoft Excel? Any tools out there to help expedite the process?

When sourcing new cyber tools, do you conduct a separate evaluation to assess the vendor independently of their product?

Yes 61%

Only in some cases 36%

No3%

View Results