Third Party Thursday - March 27, 2025


Vendor vulnerabilities were linked to a significant portion of 2024 breaches and European Union regulations require improved third-party risk management. 

Catch up on the latest news in TPRM and explore new resources from Venminder to help you stay ahead of the curve.

A new report revealed vendor vulnerabilities were responsible for 35.5% of all 2024 breaches, with a staggering 41.4% tied to ransomware attacks. One third-party provider paid a $17.5 million settlement after a 2023 breach impacted 6.5 million people. Hackers are zeroing in on the pharmaceutical industry through third-party vendors, making TPRM more crucial than ever. 

With the EU's AI Act on the horizon, organizations must prepare their vendors and demand transparency on AI use. Financial and healthcare sectors must stay ahead of EU subcontracting rules by conducting thorough due diligence and continuous monitoring. Stay in the loop with the latest TPRM updates this week! 


Template: Third-Party Risk Management Policy Template

Blog: Best Practices for Change Management in Third-Party Risk Management (TPRM)

Blog: TPRM for Investment Advisers: What's Substantiation?

On-Demand Webinar: Vendor Incident Response: Minimizing Risk When Things Go Wrong 

Infographic: How to Mitigate Third-Party Risk

Check out the latest discussions in our complimentary online community dedicated to third-party risk professionals. Visit www.thirdpartythinktank.com to register and sign in.

  • Auditing Expired Contracts: "Relationships and governance of third-party relationships are audited for the existing and live contracts. Is there value in assessing the ongoing monitoring of relationships by a Relationship Manager for an expired contract (expired during the audit, but active during the period being audited)?"
  • Auditing Regularity: "What would be a reasonable regularity for auditing third-party arrangements based on criticality or risk levels (High, Medium, and Low)? This is for internal auditors. How often should Internal Audit review/audit third-party arrangements?"
  • Non-Disclosure Agreements: "Does your organization track all your Non-Disclosure Agreements (NDAs) with your vendors? We have noticed more and more vendors are asking for NDAs and each vendor NDA has a different term."

Onboarding Critical Vendors: How to Plan, Assess Risk, & Choose the Right Partner

Before signing on the dotted line with a critical vendor, organizations need to take a step back and think strategically. Why is outsourcing the right move? What risks come with it? And how can you ensure you’re selecting a vendor that won’t create more problems than solutions? This webinar will walk you through the first two lifecycle stages: Planning and Due Diligence & Selection.

April 22, 2025 | 1pm CT

Navigating the Unknown: A Proactive Blueprint for High-Impact Risk Management

In a world where risk is constantly evolving, financial institutions need more than just a reactive approach — they need a blueprint for success. This webinar will explore proactive strategies for building a high-impact risk management program, equipping you with the tools to anticipate challenges, adapt to change, and strengthen resilience. 

April 24, 2025 | 1pm CT

Like what you read? Don't forget to click 'Subscribe' in the top right corner of the page for weekly third-party risk management updates, news, resources, and upcoming webinars.
