Craig Callé talks about third party risk management (TPRM), with an emphasis on cybersecurity. TPRM is a subset of Governance Risk and Compliance (GRC), which aims to help organizations achieve their objectives, address uncertainties, and act with integrity. TPRM is crucial as over half of all data breaches occur through insecure third parties. Companies need to understand their third party relationships and monitor them more carefully, which requires a variety of tools and processes. Craig explains that TPRM can cover a variety of risks, including cybersecurity, but also financial viability, compliance with privacy, sanctions and other regulations, reputation management, supply chain issues, and alignment of ESG and sustainability objectives.

Comment