This message was posted by a user wishing to remain anonymous I find that any quality conducted SOC 2 Type 2 report has some information regarding TPRM available within the body report and also within the scope of control testing, even if ...
Hi, To be clear, your vendors' third parties' contractors / vendors are fourth parties to you. Fourth parties are also known as subservice organizations. One best practice is to obtain the SOC 2 reports of your vendors. These reports ...
I'm not aware of any open source intelligence, but I am aware of a product offered by one of the insurance brokers, Marsh, that works well for manufacturing organizations. The solution they offer is called Sentrisk. ------------------------------ ...
This message was posted by a user wishing to remain anonymous I am looking for any best practices of how anyone tests that their 3rd parties are actively monitoring their critical/high inherent risk 3rd parties? What do you request and have ...
Has anyone found any decent Open Source Intelligence (OSINT) tools for fourth-party tracking/discovery? I feel like I've been looking forever and it probably doesn't exist, but always nice to hear from others what they may have found or tried. ...
This Week's Power Users
Join a community dedicated to an area of third-party risk including contracts, infosec, risk assessments, policies, and more.
Gain TPRM knowledge fast. Read through these latest blog articles.
Meet, connect, and network with other users using the same third-party risk tool as you - get support and share new ideas and best practices.
Download the latest guides, infographics, samples, whitepapers, checklists, and more that can help guide you through best practices on third party risk. Visit Resources
Register and join live webinars to learn current trends and best practices from knowledgeable experts.Register Now