Is your organization using a tool to assist you with 3rd party risk management and if so would you be willing to discuss how you are employing? Which use cases does the tool assist your risk management strategy?

Security & GRCThird Party Risk Management (TPRM)
1.8k views3 Comments
Sort By:
Oldest
CIO in Services (non-Government)7 months ago
We use OneTrust and Risk Ledger, happy to discuss
Director of Information Security in Services (non-Government)7 months ago
SecurityScorecard
There is a module for vendor questionnaires as well. Templates include all of the major frameworks and questionnaires can be sent and tracked from the dashboard. 
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
CISO in Energy and Utilities7 months ago
We've recently concluded a comprehensive RFP/RFQ process and have selected our preferred tool. I would be pleased to discuss the details and share insights from our selection journey. If you're interested, let's arrange a call at your convenience.

Content you might like

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer.  They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management ToolsSecurity & GRCStrategy & Architecture+1 more
Director of Information Security9 days ago
We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this ...read more
Read More Comments
364 views3 Comments

How do you ask your third parties to notify you if they have had a cyber incident? Does your process work efficiently?

IT Strategy & RoadmapSecurity Strategy & RoadmapThird Party Risk Management (TPRM)
Director of IT in Softwarea month ago
To ensure third parties notify you of cyber incidents, include specific notification requirements in your contracts, detailing the timeframe and method of communication. Define clear incident response procedures within the ...read more
1
Read More Comments
1.8k views3 Comments

Single sign-on (SSO) increases the chance of a major network security breach.

Single Sign-On (SSO/SAML)Identity & Access Management (IAM)Third Party Risk Management (TPRM)

Strongly agree4%

Agreee59%

Neutral23%

Disagree12%

Strongly disagree1%

View Results
3.8k views2 Upvotes3 Comments

Does anyone have playbooks, or checklists covering cybersecurity aspects of Divestitures, Mergers, and acquisitions? 

Security & GRC
Director of Network Transformationa year ago
Excellent question!!  Folks, please share what should be included in a playbook/checklist.  Let's crowdsource one!
3
Read More Comments
4.2k views2 Upvotes4 Comments