What's the best third party & supplier risk management software on the market today?

Governance, Risk & ComplianceRisk Management

Aravo TPRM5%

BitSight Security Ratings42%

Galvanize ThirdPartyBond14%

Black Kite Cyber Risk Rating System11%

OneTrust18%

Other (please share below)7%

573 PARTICIPANTS
4.1k viewscircle icon3 Upvotescircle icon4 Comments
Sort by:
Chief Information Security Officer3 months ago

RiskCognizance.com a proactive approach to identifying and managing risks, not just meeting compliance. Using full third-party risk management with attack surface for third-party validation.

CISO in Softwarea year ago

Auditive.io is an interesting new one

Fractional CIO in Services (non-Government)4 years ago

There is always a lot of "it depends" in a question like this.

It depends on:

The problem you are trying to solve
The market you are in
Your requirements
Your budget.

Etc.

Associate Vice President, Information Technology & CISO in Education4 years ago

Check out UpGuard. Not a fan of Bitsight and their practices. Also Security Scorecard was quite expensive. UpGuard provided the same functionality at a tenth of the cost of Bitsight (depending on your negotiation skills hah).

Lightbulb on3

Content you might like

What are the best practices for securing the MFA registration phase when moving from SMS to phishing-resistant methods like passkeys (FIDO2) or TOTP-based authenticator apps? Specifically, how can we mitigate risks in device enrollment and key provisioning without phone numbers? What innovations are your organizations implementing or have implemented to bolster this process? - I don't see this as a competitive advantage but all of us good guys against the bad.

The recent breach of Uber’s internal systems was initiated via social engineering — will you update your security awareness training to address these tactics?

Yes27%

Our awareness training already addresses social engineering tactics65%

No4%

Other (please specify)3%

View Results

Are you currently concerned about security risks for supply chains affecting your business?

Yes68%

No28%

Unsure3%

View Results

How does your cyber compliance team stay informed about new and changing regulations impacting your organization's compliance? Additionally, how are cyber compliance teams tracking, measuring and reporting on internal compliance?

‘AI’ Business Model – With many components flowing into the AI domain (cost, data, E&C, people, value, strategy, duplication of everything, etc.), I’ve started to think about splitting out ‘AI’ from the operating model and putting it into a separate legal entity. This way, I could manage a) risk and compliance, b) cost, c) resource allocation, d) governance, e) IP, f) revenue generation, etc.

Of course, this isn’t new in general, but I’m especially interested in how this approach could help with the ongoing challenge of ensuring compliance with data privacy and regulations related to LLMs and data access/usage over time.

My question: Is anyone else thinking about this, or has anyone already done it? I know there are examples in the literature, but I wanted to float this here for general comments and discussion.