Explore innovative solutions in Enterprise GRC, Third-Party & Vendor Risk Management, and Model Risk Management. This channel delivers thought leadership on critical topics like TPRM, MRM, EUC management, cyber risk, IT risk, and more, helping organizations navigate the complexities of modern risk landscapes.

Third-party relationships are both essential and risky. Look no further than Change Healthcare, National Public Data, or Snowflake to see how an incident involving one of your vendors, suppliers, or partners can have far-reaching implications for your organization—from financial losses to reputational damage and regulatory penalties.
 
Join Dave Shackleford of Voodoo Security as he explores the hidden vulnerabilities of third-party partnerships and why they demand your organization’s immediate attention.
 
In this webinar, Dave will:
- Review common oversight areas in third-party risk management that lead to incidents.
- Delve into the latest regulatory trends surrounding third-party cybersecurity compliance.
- Examine the ripple effects of third-party breaches.
- Identify best practices for assessing, monitoring, and remediating risks in your third-party ecosystem.
 
This webinar will equip your team with the knowledge and tools to strengthen your cybersecurity posture and protect your business from the unexpected.

Why You Should Take a Third-Party Breach Seriously

The AICPA SOC 2 has become an industry-standard framework that third-party vendors and suppliers can use to supplement a risk assessment. So, how do you interpret and mitigate risks identified in a vendor SOC 2 report in a way that's consistent with your third-party risk management (TPRM) program?

In this webinar, Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, explores the intersection of SOC 2 and TPRM, focusing on how to align SOC 2 audits with your program.

Join Bob as he examines:

- The "when" and "why" for using a SOC 2 report as part of a risk assessment.
- Best practices for mapping SOC 2 controls into common vendor risk and security frameworks.
- Tools and techniques for effective vendor risk assessment and monitoring.

SOC2 Best Practices

Performing due diligence is pivotal in identifying, assessing, and mitigating risks associated with third-party relationships. One of the biggest trends in third-party risk management (TPRM) is managing various types of third parties, diverse activities, and approaches to due diligence, all while adopting a risk-based strategy. So, where do you start?

Join Samira Duijnmayer of Booking.com as she leverages her experience to share insights on how robust due diligence processes can serve as the backbone of effective TPRM programs.

In this webinar, Samira will discuss:
- The importance of risk-based due diligence
- What are the minimum requirements for due diligence
- What activities apply to high-risk third parties
- Tips and best practices for managing third parties
- Tactics and to educate and manage and mitigate fourth, and Nth-party risk
- Whether you are a compliance officer, risk manager, or procurement specialist, this webinar will equip you with the knowledge and tools needed to implement a risk-based approach to third-party due diligence. 

One of the biggest trends right now is managing multiple types of third parties, different activities and approach to due diligence and taking a risk based approach to this.

Risk-Based Approach to TPRM Due Diligence

Although the AICPA SOC 2 report has become a go-to for third-party vendors and suppliers to submit as a risk assessment, the reports themselves can be complex, time-consuming, and confusing. So, what do you need to know?

Join compliance experts Thomas Humphreys and Sophie Pothecary in this interactive session as they answer the top questions we've received surrounding SOC 2 and third-party risk management (TPRM).

In this webinar, Thomas and Sophic will answer:
- Who is required to have a SOC 2 report?
- How do you know the SOC 2 report includes the scope relevant to your TPRM program?
- Are there any drawback to using a SOC 2 report?
...and more!

SOC 2 & TPRM: Your Questions Answered

The National Institute of Standards and Technology (NIST) is behind several risk management guidelines widely adopted across public and private sectors. Several publications - including Special Publication (SP) 800-161, SP 800-53, and the Cybersecurity Framework (CSF) 2.0 - contain guidance related directly to managing third-party and supply chain risks. But with hundreds of controls, where do you start?

Join compliance experts Thomas Humphreys and Sophie Pothecary in this interactive session as they answer the top questions we've received surrounding NIST and third-party risk management (TPRM).

In this webinar, Thomas and Sophie will answer:
- Which NIST controls to focus on, and what happens if you leave out an important one?
- Are there common control areas?
- NIST guidelines and risk appetites?
...and more!

NIST & TPRM: Your Questions Answered

GRC – short for Governance, Risk, and Compliance – is the alignment of processes, technologies, and people in an organization with a repeatable framework for risk-based decision-making. But considering the growing number of data breaches involving a vendor, supplier, or other third party, third-party compliance requirements, and supply chain disruptions, does a GRC solution go far enough to address third-party risks? And does it offer any advantages over a third-party risk management (TPRM) solution?

Join third-party risk management expert Tom Garrubba as he leverages his experience to explore the differences between GRC and TPRM solutions.

In this session, Tom will:
- Define what is involved in GRC
- Explain how third-party and GRC are related
- Review the pros and cons of GRC and TPRM solutions
- Identify the use cases for both GRC and TPRM solutions in your enterprise
- Share best practices for proactively addressing risks in the extended enterprise

Understanding the nuances and relationship between GRC and TPRM can help you proactively address and mitigate risks facing your organization.

GRC vs TPRM: How They Work Together

ISO 27001 is an internationally recognized information security standard used in more than 100 countries. When it comes to third-party risk management, it provides a clear framework for identifying and managing supplier risk. However, how do you know if you're applying it correctly?
Join compliance experts Sophie Pothecary and Thomas Humphreys as they discuss how ISO 27001 applies to managing third-party risk and strategies to use the framework to measure your TPRM program's success.
In this interactive webinar, Sophie and Thomas will:
• Introduce the ISO 27001 standard
• Define how to map TPRM practices to the Information Security Management System (ISMS) and ISO controls
• Identify which key controls are the most impactful
• Examine ways to translate these controls into actionable key performance indicators (KPIs) and key risk indicators (KRIs)
• ...and more!

ISO 27001 to create TPRM KPIs & KRIs

KPIs, KRIs and Management Reporting for Effective TPRM
 
Maintaining a strong third-party risk management (TPRM) program means understanding key performance and risk metrics and clear management reporting at all levels. However, measuring risk from third parties can be complex, requiring you to translate obscure metrics into potential business impacts. And, once you define ways to measure risk, you still need benchmarks and standards to compare your program's effectiveness.
 
Join Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, as he guides you through how to correlate performance and risk metrics for more informative, business-aligned TPRM program reporting.
 
In this webinar, Bob will share practical tips for:
- Defining and implementing meaningful and actionable TPRM KPIs and KRIs
- Leveraging risk triggers to unearth your major pillars of risk
- Fostering a "collective risk management" framework in your organization
- Evolving TPRM metrics from checklists to continuous risk management
- Incorporating KPIs and KRIs into effective management reporting at all levels

KPIs, KRIs and Management Reporting for TPRM

Third-party data breaches continue to impact organizations across all industries. As we found in our 2023 Third-Party Risk Management Study, 41% of companies reported a third-party breach, and 71% consider third-party security breaches to be a top concern. So, how can you stay on top of the growing number of cyber risks?

Join Dave Shackleford, CEO at Voodoo Security and SANS Senior Instructor, as he shares his insights on the most important steps to prepare your third-party cybersecurity program.

In this webinar, Dave will:
- Examine emerging trends in third-party cybersecurity
- Discuss how to identify the third-party cyber risks that pose the greatest danger to your organization
- Explore ways to reduce software supply chain vulnerabilities - and the latest lessons from the ongoing MOVEit hack
- Review the current state of the NIST Cybersecurity Framework (CSF) draft 2.0
- Provide best practices for your third-party incident response plan

This webinar will deliver insights and a roadmap to help you prioritize cybersecurity in your third-party risk management program in 2024.

Third-Party Cyber: Emerging Trends & What to Do in 2024

Watch this webinar on demand to learn how to prepare your organization to meet the DORA compliance deadline in January 2025, with practical steps to achieve readiness within the one-month compliance window.

Our experts walk you through how to: 

    - Gain insights into which mandatory contract clauses are required for vendors and nth parties to ensure compliance and mitigate risk.
    - Link these processes to a robust control framework and regulatory technical standards (RTS) for comprehensive TPRM.
    - Highlight and assess critical business functions and their protection needs.
    - See this in action within Mitratech’s Alyne solution and learn how it can elevate your risk management and compliance strategies.

Speakers: 
    - Ali Alam, Senior Manager at KPMG Netherlands
    - Nicolas Tauber, Manager Financial Services at KPMG Deutschland
    - Claudia Howe, Executive Director for GRC Solutions at Mitratech
    - Henry Umney, Managing Director for GRC Strategy at Mitratech

Ensuring Compliance and Operational Resilience Ahead of the January 2025 DORA Deadline with KPMG

Explore how policy management is the very first step in any successful IT risk management program.

Technology is at the center of every core business process within modern organizations. It comes without saying that the IT infrastructure of an enterprise is crucial in day-to-day business operations. Therefore, it is of the utmost importance to develop a fully comprehensive IT governance policy framework that sets the principles for the compliant use of IT assets as well as allowing for the clear identification of misuse of these assets and the potential risks that wrongful practices can create.

Creating an IT governance policy framework is the starting point of any successful IT risk management program as this policy framework must be closely intertwined with IT risk impact. Furthermore, an IT governance policy helps protect the IT infrastructure of an organization. After all, disruption to technology assets can create significant operational risk and impact business continuity.

Powered by Mitratech, join Michael Rasmussen and Henry Umney in this electrifying webinar to learn how policy management is the very first step in any successful IT risk management program. 

Watch this webinar and learn all about:
> Building an IT governance policy framework.
> Risk assessment of the organization’s IT infrastructure.
> Aligning IT policy with operational risk and business continuity practices.
> Delivering a clear policy framework that drives actions

About Our Speakers:
> Michael Rasmussen: Founder of GRC 20/20 Research
> Henry Umney: Managing Director of GRC Strategy at Mitratech

Policy Management: The Starting Point of a Successful IT Risk Management Program

Mastering the challenges and opportunities of DORA compliance.

The Digital Operational Resilience Act (DORA), is set to transform how EU based Financial Institutions enhance the operational resilience of their critical business processes. With an implementation date of 17th January 2025, the evolving nature of the regulation presents institutions with significant challenges in mastering the details and developing their implementation plans.

Watch this webinar and learn all about:
> The key principles of DORA.
> Challenges in harmonizing DORA with your other third-party and operational resilience initiatives.
> Opportunities and pitfalls of implementing DORA.

Join industry experts, Jay Chakraborty, Partner at PwC Consulting, Sam-Lee, Head of Operational Risk at SMBC, and Henry Umney, Director of GRC Strategy at Mitratech; as they discuss the key challenges of DORA compliance and the opportunities it offers.

Implementing DORA: Mastering the Challenges and Opportunities

Organizations falling under the purview of the SOCI Act 2022 and CIRMP Rules have to work quickly to implement and comply with their selected cyber security framework before the deadline of August 2024. And as we’ve learned in the year since these mandates were implemented, the security and critical infrastructure reforms now represent some of the most significant changes in Australia's history in terms of enhancing cyber defense measures.

You met the first deadline — but is your CIRMP scalable, sustainable, and agile? Does it integrate with your people, infrastructure, and existing technology to support the comprehensive risk management you need? 

Join industry experts Michael Rasmussen, Meri Kukkonen, and Henry Umney for a webinar discussion on evaluating your current CIRMP,  taking the next steps under the SOCI Act 2022, and meeting the latest Cyber Security Framework requirements. Now that the immediate pressure is off (but with another deadline looming), it’s time to check back in and apply the expert’s advice on: 

> How to carefully assess and pressure-test your current risk management plans, policies, and procedures according to SOCI Act requirements 
> Where you can expect to see the cyber risk management landscape continue to shift over the next year 
> The best way to enhance your Cyber Security Incident Response Management Program 
> How to accept – and adapt to – the unexpected with a risk management program that prioritizes agility

SOCI Act 2022: One Step Ahead of Cyber and IT Risks

Core business processes and programs within organizations must be connected to the bottom line. As the economy contracted this past year, organizations across the globe have been riddled with challenges, from mass layoffs and budget cuts to supply chain volatility and inflation.

Organizations around the globe are trying to determine how to ensure business continuity and do more with less — all while facing increasing cyber attacks, information security risks, constant geopolitical threats impacting supply chains and complex new regulatory frameworks. How can you build a mature cyber resilience program within your business with a critical lack of technical know-how, significant budget constraints and few-to-no monitoring of third-party risks?

Join Henry Umney, Director of GRC Strategy at Mitratech, Kaih Taylor, Third-Party Risk Manager at AgFirst Farm Credit Bank, and Bob Maley, CISO at Black Kite, in this powerful webinar for answers to the vital question above and a pool of knowledge that only A-list experts can deliver.

Expert Perspectives: Cyber Risk Management Through an Economic Lens

Artificial Intelligence can make a risk professional’s life easier — if properly leveraged and governed.

AI is the talk of the town. But while the headlines follow tools like Chat GPT and Google Assistant, few are focusing on its transformative capabilities within the governance, risk and compliance sector. And while many technology partners are quick to point out the roadblocks, risks, and challenges of implementing AI, even fewer are coming prepared with solutions and frameworks to help your organization mitigate its risks and capitalize on adoption. Until now. 

Join Michael Rasmussen, Claudia Howe, and Henry Umney for a discussion on the evolution of Artificial Intelligence within GRC. Our experts will walk you through how to get ahead — and stay ahead — in the shifting landscape of AI-enabled compliance management with: 

- A snapshot of current global AI trends, regulations, and initiatives (designed to give you a better understanding of any gaps/violations of regulations that should be on your radar) 
- GRC Relevant AI Capabilities
- Peer-tested AI in GRC use cases that you can start applying within your organization today
- Best practices for aligning your AI use with organizational policy and future-proofing your AI governance strategy in 2024 and beyond

Beyond the Buzz: A Practical Approach to Adopting (and Governing) AI

It doesn’t matter if you’re a large enterprise like Uber or a small / midcap company; there’s one common thread as we start 2023: a renewed (and business-critical) focus on how you manage your IT risk — and your Board is about to start asking questions. 

The U.S. Securities and Exchange Commission (SEC) is moving quickly to propose amendments that require current reporting about material #cybersecurity incidents and periodic disclosures about a registrant’s policies and procedures to identify and manage: 

Cybersecurity risks
Management’s role in implementing cybersecurity policies and procedures
The Board of Directors’ cybersecurity expertise

Watch the on-demand panel today for insights on: 

How companies can think about the proposal (whether it affects you now or will come your way later)
The questions your stakeholders are about to ask
Easy-to-implement, performance-driven tools to answer their questions


Speakers (in order of appearance): 
Join Henry Umney, Managing Director of GRC Strategy, Seth Rosensweig, Partner, Cyber, Risk and Regulatory at PwC and Samrah Kazmi, Chief Innovation Officer and Head of Risk Partnerships at RESRG

Why Your Board & Stakeholders Are About to Ask You About Your IT Risk Technology

The AICPA SOC 2 report has become a go-to standard for organizations to assess their IT controls that vendors can submit as a risk assessment. At the same time, interpreting the reports can be complex, time-consuming, and inconsistent with how other vendors are assessed. So, can you simplify the process of analyzing SOC 2 reports – and break them down into consistent and actionable metrics?

Join compliance experts Sophie Pothecary and Thomas Humphreys as they explore how to use SOC 2 reports in your third-party risk management (TPRM) program and discuss strategies to analyze and leverage the reports to measure your program's success.

In this interactive webinar, Sophie and Thomas will:
- Deconstruct a typical SOC 2 report
- How to map SOC 2 report control exceptions into risks in a common vendor risk and security framework
- Examine ways to translate this framework into actionable key performance indicators (KPIs) and key risk indicators (KRIs)

With more third-party vendors and suppliers providing SOC 2 reports in place of complete risk assessments, this webinar will help you understand how to use these reports in your TPRM program effectively.

SOC 2 Reports to Create TPRM KPI & KRIs

Risk Management

TPRM

Third Party Risk Management

Vendor Risk

SOC2

AICPA SOC 2

IT controls

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

SOC 2 Reports to Create TPRM KPI & KRIs

Presented by

About this talk

More from this channel