Definition

TPRM (Third-Party Risk Management)

The systematic process of identifying, assessing and managing risks arising from external third parties: suppliers, partners and service providers.

Detailed explanation

Third-Party Risk Management (TPRM) is the structured discipline of identifying all external parties that interact with your organisation, assessing the risks they introduce, and continuously monitoring those risks. Modern TPRM goes beyond annual questionnaires: it uses external cyber intelligence, continuous monitoring and automated risk scoring to maintain a real-time picture of supplier risk. Under NIS2 Art. 21(d) and DORA Art. 28-44, TPRM is a regulatory requirement for organisations in critical sectors and financial services.

Business relevance

360TPRM automates the core TPRM processes (supplier inventory, risk classification, continuous external monitoring, compliance documentation and alert management), enabling organisations to scale from 10 to 500+ suppliers without proportional overhead.

Frequently asked questions

What does TPRM stand for?
TPRM stands for Third-Party Risk Management: the systematic process of identifying, assessing and continuously monitoring risks from external suppliers, partners and service providers.
Why is TPRM required under NIS2 and DORA?
NIS2 Art. 21(d) mandates supply chain security as a minimum measure. DORA Art. 28-44 requires comprehensive ICT third-party risk management. Both regulations demand continuous monitoring, documented assessments and demonstrable controls, exactly what 360TPRM delivers.