What department typically owns the Third Party due diligence/assessment process?

Third Party Risk Management (TPRM)

Procurement15%

Operational Risk44%

Audit19%

Vendor Risk Management 10%

Cybersecurity10%

Legal2%

81 PARTICIPANTS

1.3k views

Content you might like

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

Do you use a central monitoring system for all security alerts?

Yes56%

No, but we are considering implementing one.35%

No8%

Unsure

View Results

“Risk quantification frameworks need to be combined to be effective.”

Strongly agree13%

Agree61%

Neutral13%

Disagree10%

Strongly disagree

Other (tell us in the comments)

View Results

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?