Third-Party Risk Management
Third-Party Risk Management is the process of identifying, assessing, and monitoring the risks an organization inherits from its vendors, suppliers, and other third parties.
Why It Matters
In security reviewsTPRM drives the security questionnaires and evidence requests vendors must respond to, making it the buyer-side counterpart to questionnaire automation.
Workflow Context
Where it shows upThe overarching program under which vendor intake, assessment, scoring, and reassessment occur.
Common Mistakes
What to avoid- Treating third-party risk management as a universal term with no workflow context.
Use this as an editorial checkpoint when the term appears in a buyer review, internal workflow, or vendor evaluation.