What's the best third party & supplier risk management software on the market today?

Governance, Risk & ComplianceRisk Management

Aravo TPRM4%

BitSight Security Ratings44%

Galvanize ThirdPartyBond15%

Black Kite Cyber Risk Rating System9%

OneTrust18%

Other (please share below)7%

568 PARTICIPANTS
4.1k viewscircle icon3 Upvotescircle icon4 Comments
Sort by:
Chief Information Security Officer2 months ago

RiskCognizance.com a proactive approach to identifying and managing risks, not just meeting compliance. Using full third-party risk management with attack surface for third-party validation.

CISO in Softwarea year ago

Auditive.io is an interesting new one

Director of Technology Strategy in Services (non-Government)4 years ago

There is always a lot of "it depends" in a question like this.

It depends on:

The problem you are trying to solve
The market you are in
Your requirements
Your budget.

Etc.

Associate Vice President, Information Technology & CISO in Education4 years ago

Check out UpGuard. Not a fan of Bitsight and their practices. Also Security Scorecard was quite expensive. UpGuard provided the same functionality at a tenth of the cost of Bitsight (depending on your negotiation skills hah).

Lightbulb on3

Content you might like

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

Do you have a system to apply patches in a repeatable way?

Yes37%

We're currently developing a system to apply patches.38%

No, but I expect that may change.16%

No, and I don’t expect that to change.7%

Other (please specify in the comments)

View Results

Experts say a new hacking group that has emerged recently named BlackMatter is using techniques that are similar to the DarkSide group that successfully hacked the Colonial Pipeline Co. earlier this year. Do you think they're the same group?

Yes BlackMatter is DarkSide returning under a new name.40%

No, BlackMatter is a different group from DarkSide.36%

I don't know24%

View Results

Is red teaming a better way to demonstrate security needs to the board than traditional compliance audits?

Read More Comments