Optiv Cybersecurity Dictionary

What Is TPRM - Third-Party Risk Management?

Third-party risk management (TPRM) is the programmatic process of analyzing and controlling risks presented to an organization, its data, operations and finances by parties other than the organization itself.


Business processes and supporting technology platforms are applied to manage, monitor and mitigate risks to the organization created by interdependencies with third-party business partners (such as suppliers, vendors and cloud technology providers), as well as their third- or nth-parties.


A TPRM program is one critical component of a comprehensive integrated risk management (IRM) program supporting an organization’s governance, risk and compliance (GRC) strategy.

TPRM - Third-Party Risk Management: Why It Matters


You take your organization’s security seriously. But is everyone you conduct business with on the same wavelength? Statistics point to … probably not. Research shows that 44% of businesses have experienced a third-party data breach since June 2020, and that 74% of those breaches stemmed from providing third parties with unchecked privileged access. [1] And depending on the industry and country it occurs in, a breach can cost between $3 million and $7 million. [2]


Risk From Suppliers, Vendors and Others

Each third party you’re tied to is a possible entry point for threat actors. Any breach of any vendor can result in a supply chain attack, a cyberattack that finds and exploits weak points in an organization’s supply chain, eroding its ability to perform basic yet crucial operational tasks. The world witnessed this during the SolarWinds supply chain hacks, which were the catalyst leading to the White House executive order (EO) on cybersecurity. 


[1] https://www.globenewswire.com/news-release/2021/05/04/2222054/0/en/51-of-Organizations-Have-Experienced-a-Data-Breach-Caused-by-a-Third-party-New-Report-Finds.html
[2] Ponemon 2021 Cost of a Breach Review

Third-Party Risk Management Solution


Since every third party is a potential security vulnerability, it’s time to bring some accountability back into the picture. Today’s organizations must ensure that all security postures in their associated business ecosystem are held to consistent standards and are seamlessly integrated.


Optiv’s Third-Party Risk Management services can help restore your confidence in your extended relationships. Our experts help you understand, identify and measure the risk of your third parties through powerful assessment tools. We then help you improve your security posture through a logical, business-strategy-focused TPRM workflow and adherence to industry-specific compliance standards.

