What's the best third party & supplier risk management software on the market today?

Governance, Risk & Compliance Risk Management

Aravo TPRM5%

BitSight Security Ratings43%

Galvanize ThirdPartyBond14%

Black Kite Cyber Risk Rating System11%

OneTrust17%

Other (please share below)6%

565 PARTICIPANTS

4.1k views3 Upvotes4 Comments

Sort by:

Chief Information Security Officer4 months ago

RiskCognizance.com a proactive approach to identifying and managing risks, not just meeting compliance. Using full third-party risk management with attack surface for third-party validation.

CISO in Softwarea year ago

Auditive.io is an interesting new one

Fractional CIO in Services (non-Government)4 years ago

There is always a lot of "it depends" in a question like this.

It depends on:

The problem you are trying to solve
The market you are in
Your requirements
Your budget.

Etc.

Associate Vice President, Information Technology & CISO in Education4 years ago

Check out UpGuard. Not a fan of Bitsight and their practices. Also Security Scorecard was quite expensive. UpGuard provided the same functionality at a tenth of the cost of Bitsight (depending on your negotiation skills hah).

Content you might like

I am looking for insights on establishing an Architecture Review Board (ARB) within our organization. As we aim to enhance our architectural governance and ensure alignment with our strategic objectives, we recognize the importance of setting up an effective ARB. To this end, I would greatly appreciate your guidance on the following aspects: 1. Establishing a Charter: What key elements should be included in the ARB charter to clearly define its purpose, scope, and authority? 2. Member Selection: What criteria should we consider when selecting members for the ARB to ensure a diverse and knowledgeable board? 3. Review Process: Could you share best practices for structuring the review process to ensure thorough and consistent evaluations of architectural proposals? 4. Decision-Making: What are effective methods for making decisions within the ARB, and how can we ensure transparency and accountability? 5. Documentation and Communication: What templates or tools would you recommend for documenting reviews and communicating decisions to stakeholders? 6. Measuring Success: How can we establish criteria for measuring the success and impact of the ARB on our architectural practices? Your expertise and experience in this area would be invaluable to us as we embark on this initiative. Any additional insights or resources you could provide would be greatly appreciated.

Is your organization prepared to comply with regulations in the EU’s Digital Markets Act (DMA)?

We’re already in compliance with DMA21%

DMA compliance measures are in progress52%

It is currently being discussed16%

No7%

Not sure3%

View Results

We are on the cusp of conducting a pilot of AI tooling - we intend to use Gemini & CoPilot, providing training, guidance & policy to our user group. Before we start we should conduct a risk assessment - my question is: can you recommend a tool or template?

If you get hired by an SMB and you’re the company’s first/only security practitioner, where should you start? (Should you focus on SANS top 20 controls? Or start with the NIST framework?)

Do you have preselected incident response partners in place?

Yes41%

We are currently establishing incident response partners.43%

No, but I expect that may change.11%

No, and I don’t expect that to change.3%