What is Supplier Due Diligence?

Supplier due diligence is the systematic review of a supplier before contract — focusing on cybersecurity, compliance and operational resilience.

Supplier due diligence is the structured pre-assessment of a potential supplier — before a business relationship is entered into. It covers the analysis of security certifications, data protection practices, financial stability and cyber risk profile.

What is checked in due diligence?

A complete supplier due diligence checks: security certifications (ISO 27001, SOC 2, TISAX), known vulnerabilities and data breaches, data protection practices (GDPR compliance), financial stability and insolvency risk, subcontractors and fourth-party risks, and regulatory compliance. 360TPRM automates this review through external cyber intelligence.

From weeks to minutes

Manual due diligence processes take 4-8 weeks. 360TPRM delivers a complete risk score in under 24 hours — without manual questionnaires.

Due diligence as a regulatory requirement

DORA Art. 28 requires financial entities to conduct full due diligence before concluding ICT third-party contracts. NIS2 requires risk-based assessment for suppliers in critical areas. ISO 27001:2022 Annex A.5.21 explicitly requires security review of suppliers before contract.

No contracts without due diligence

Under DORA, critical ICT contracts may only be concluded after full due diligence. Violations can lead to regulatory action by supervisory authorities.

FAQ

How long does due diligence take?

Manually 4-8 weeks. With 360TPRM under 24 hours — through automated external cyber intelligence instead of manual questionnaires.

Does due diligence need to be documented?

Yes — NIS2, DORA and ISO 27001 all require documented evidence. 360TPRM automatically creates audit-ready reports.

Automate due diligence

See in a 45-minute demo how 360TPRM specifically meets your requirements.
