What department typically owns the Third Party due diligence/assessment process?

Third Party Risk Management (TPRM)

Procurement15%

Operational Risk45%

Audit19%

Vendor Risk Management 9%

Cybersecurity10%

Legal3%

80 PARTICIPANTS

1.3k views

Content you might like

Have you read the Cyber Safety Review Board’s report on Log4j? https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf

Yes22%

I’ve started reading it.32%

No, but I plan to read it.42%

No, and I don’t plan to read it.2%

View Results

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Read More Comments

Has Log4j led your organization to revise how it does third-party risk assessment?

Yes, significantly.30%

Yes, partly.57%

No11%

Other (comment below!)1%

View Results

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

Has anyone moved to a third party support for Hyperion (like Rimini Street)? If so, what pitfalls should we look out for and would you recommend it if we are 2-3 years from moving to a new solution?