What is third-party risk management (TPRM)?
Third-party risk management (TPRM) is the process of identifying, assessing and managing risks arising from relationships with suppliers, vendors, outsourced service providers and other third parties. A structured TPRM programme helps organisations manage cyber, operational, regulatory and supplier-related risks across the entire third-party lifecycle.
What is the difference between vendor risk management and supplier risk management?
Vendor risk management and supplier risk management are both components of third-party risk management. Vendor risk management typically focuses on technology vendors and outsourced service providers, while supplier risk management addresses risks associated with suppliers supporting operational and business activities. Both require structured governance, risk assessments and ongoing monitoring processes.
What is included in a third-party risk assessment?
A third-party risk assessment evaluates cybersecurity controls, governance structures, operational resilience capabilities, data protection measures and regulatory compliance of a supplier, vendor or outsourced service provider. Assessments typically include vendor security assessments, supplier risk assessments and control reviews to identify critical risks and dependencies.
When is a third-party audit or supplier audit required?
A third-party audit, supplier audit or vendor audit is typically required when a supplier or outsourced service provider supports critical business functions, processes sensitive information or operates within a regulated environment. Independent audits help organisations assess control effectiveness, strengthen oversight and support regulatory and audit requirements.
What is supply chain cyber risk?
Supply chain cyber risk refers to cybersecurity threats and vulnerabilities introduced through suppliers, vendors, cloud providers and outsourced service providers. Weak cybersecurity controls within the supply chain can expose organisations to cyber incidents, operational disruption and regulatory consequences, even where internal controls are strong.
Which regulations and frameworks are relevant to TPRM in Switzerland?
In Switzerland, FINMA-regulated organisations must maintain appropriate oversight of outsourced activities and third-party risks. Third-party risk management programmes are commonly aligned with FINMA outsourcing expectations, the Swiss Data Protection Act (DSG) and recognised frameworks such as NIST CSF, COBIT and ISO 27001.
Ce site web utilise des cookies.
Certains de ces cookies sont nécessaires, tandis que d'autres nous aident à analyser notre trafic, à diffuser de la publicité et à offrir des expériences personnalisées pour vous.
Pour plus d'informations sur les cookies que nous utilisons, veuillez vous référer à notre politique de confidentialité.
Ce site web ne peut pas fonctionner correctement sans ces cookies.
Les cookies analytiques nous aident à améliorer notre site web en collectant des informations sur son utilisation.
Nous utilisons des cookies marketing pour améliorer la pertinence de nos campagnes publicitaires.