Third-party risk has become a critical element of a strong governance, risk, and compliance (GRC) program, especially when addressing sensitivities with data protection. Drata’s new Risk Trends Report found 83% of security professionals have experienced negative consequences as a result of their current TPRM process or informal oversight process. But investment remains a challenge, with 44% of respondents saying their company may not have the appropriate staff or resources to thoroughly screen third parties.
Drata’s TPRM offering provides security teams with a comprehensive tool for identifying, assessing, and continuously monitoring risks and integrating them with internal risk profiles. This holistic approach ensures a unified, clear view of potential exposures across the entire organization to effectively and efficiently manage third-party risks.
The first phase of Drata’s TPRM capabilities include:
• Vendor Import via Okta SSO integration & Bulk Upload: streamline adding and updating vendors in a Vendor Directory.
• Vendor Impact Analysis: standardize the assessment of Vendor Impact and Impact Level by evaluating data access, operational impact, and more.
• Vendor Questionnaire Responses: gain deeper insight into vendor risk posture.
• Vendor Risks: adding reminders, categorization, and treatment to track and continuously assess the risk of vendors as part of an organization’s risk register.
• Vendor Risk Overview: easily understand, prioritize, and act on all risks across vendors.
• Vendor Insights Dashboard: keep stakeholders up-to-date on the overall risk impact of a current vendor ecosystem.
“Drata helps us extract meaningful insights from across our vendor ecosystem, and prioritize time-sensitive tasks,” said Ylan Muller, Senior IT Manager at FireHydrant. “Our team is able to formalize the tracking and management of third-party related risks and consolidate this workflow into one tool, so that we can remain vigilant in keeping our security program running smoothly.”
“It’s imperative for security professionals to have as much confidence in their third-party ecosystem as they do within the four walls of their own businesses,” said Adam Markowitz, Co-Founder and CEO of Drata. “Drata’s latest offering extends the power of its best-in-class continuous control monitoring to third-party vendors, taking TPRM to the next level.”
Drataverse Digital: Risk and Reward also features additional new capabilities including:
• NIST AI Risk Management Framework (RMF) to proactively set standards, collect evidence, and monitor controls to ensure proper governance of AI adoption across the workforce.
• HRIS integrations, automating the evidence collection and control monitoring for 23+ Human Resources Information Systems.