ISO 27001 third-party risk management requirements
ISO 27001 supplier and third-party requirements—Annex A themes, ISMS processes, and evidence for certification audits.
PCI DSS third-party risk management requirements
PCI DSS vendor and third-party requirements for merchants and service providers—due diligence, contracts, and monitoring.
Understanding third-party risk: Everything you need to know
A complete primer on third-party risk—definitions, lifecycle, frameworks, and how it connects to compliance programs.
Understanding third-party risk management (TPRM) frameworks
Compare NIST, ISO, SIG, SOC 2, and regulatory frameworks that shape TPRM—and how to map them without duplicate work.
Vendor due diligence (VDD): A step-by-step guide
Vendor due diligence (VDD) step by step—scoping, evidence, risk rating, contracting, and approval workflows.
Vendor offboarding: Best practices for reducing risk
Vendor offboarding closes access, retrieves data, and preserves evidence. Best practices to prevent post-contract breaches.
Vendor risk assessment report: Crucial elements to cover
What belongs in a vendor risk assessment report—executive summary, scoring, gaps, treatment, and evidence index.
Vendor risk management metrics: Complete guide to KPIs and KRIs
KPIs and KRIs for vendor risk management—what to measure, targets, and how to report to leadership and auditors.
VRM and TPRM: What's the difference?
Vendor risk management (VRM) vs third-party risk management (TPRM)—definitions, scope, and when teams use each term.
What is third-party risk management (TPRM)?
TPRM is the discipline of identifying, assessing, treating, and monitoring risk from vendors and partners. Learn components, roles, and tooling.