What's the best third party & supplier risk management software on the market today?

Governance, Risk & Compliance Risk Management

Aravo TPRM4%

BitSight Security Ratings41%

Galvanize ThirdPartyBond14%

Black Kite Cyber Risk Rating System15%

OneTrust16%

Other (please share below)7%

569 PARTICIPANTS

4.1k views3 Upvotes4 Comments

Sort by:

Chief Information Security Officer2 months ago

RiskCognizance.com a proactive approach to identifying and managing risks, not just meeting compliance. Using full third-party risk management with attack surface for third-party validation.

CISO in Softwarea year ago

Auditive.io is an interesting new one

Fractional CIO in Services (non-Government)4 years ago

There is always a lot of "it depends" in a question like this.

It depends on:

The problem you are trying to solve
The market you are in
Your requirements
Your budget.

Etc.

Associate Vice President, Information Technology & CISO in Education4 years ago

Check out UpGuard. Not a fan of Bitsight and their practices. Also Security Scorecard was quite expensive. UpGuard provided the same functionality at a tenth of the cost of Bitsight (depending on your negotiation skills hah).

Content you might like

What percentage of your organization's AI usage do you estimate happens outside of IT governance?

Less than 10%18%

10-25%50%

25-50%20%

More than 50%13%

I don't know

View Results

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

In the last 6 months, how many third parties were flagged high risk in your initial pre-engagement due diligence screening and were rejected as business partners?

0% flagged for high risk14%

1-25% flagged for high risk59%

26-50% flagged for high risk20%

51-74% flagged for high risk5%

75%+ flagged for high risk

View Results

What's the best third party & supplier risk management software on the market today?

Sort by:

Content you might like

What percentage of your organization's AI usage do you estimate happens outside of IT governance?

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

In the last 6 months, how many third parties were flagged high risk in your initial pre-engagement due diligence screening and were rejected as business partners?

What sets us apart?

Take Your Insights On-the-Go

What's the best third party & supplier risk management software on the market today?

Sort by:

Content you might like

What percentage of your organization's AI usage do you estimate happens outside of IT governance?

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.Has anyone implemented a "not relevant" risk tier in their model?This tier would apply to vendors posing genuinely negligible security risk.

In the last 6 months, how many third parties were flagged high risk in your initial pre-engagement due diligence screening and were rejected as business partners?

What sets us apart?

Take Your Insights On-the-Go

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.