Optiv Cybersecurity Dictionary

What Is TPRM - Third-Party Risk Management?

Third-party risk management (TPRM) is the programmatic process of analyzing and controlling risks presented to an organization, its data, operations and finances by parties other than the organization itself.


Business processes and supporting technology platforms are applied to manage, monitor and mitigate risks to the organization created by interdependencies with third-party business partners (such as suppliers, vendors and cloud technology providers), as well as their third- or nth-parties.


A TPRM program is one critical component of a comprehensive integrated risk management (IRM) program supporting an organization’s governance, risk and compliance (GRC) strategy.
