Explore innovative solutions in Enterprise GRC, Third-Party & Vendor Risk Management, and Model Risk Management. This channel delivers thought leadership on critical topics like TPRM, MRM, EUC management, cyber risk, IT risk, and more, helping organizations navigate the complexities of modern risk landscapes.

The EU's NIS2 Directive introduces new cyber security requirements to enhance the resilience of critical sectors against growing cyber threats.
 Join Toro Solutions and Mitratech risk and compliance experts as they explore the key provisions of NIS2, focusing on risk management, incident reporting, and third-party risk management.
 In this webinar, our experts will share: 
- The key essential requirements of NIS2 and the practical steps your organisation can take to meet them.
- Best practices for managing cyber security risks and securing supply chains
- Insights into the evolving cyber threat landscape and how to protect your organization.

Mastering Third-Party Risk Management Compliance Requirements in NIS2

AI is transforming every function—Legal, Compliance, Finance, IT, Operations, Third-Party Risk, and beyond. But without AI readiness, governance, and risk management, organizations face compliance gaps, security vulnerabilities, and ethical challenges.

How can you integrate AI governance effectively? Do you have the right data, frameworks, and controls to manage AI’s risks and opportunities? Is your AI strategy future-proof against rapid advancements?

Join our expert-led webinar to gain actionable insights, real-world use cases, and technology-driven solutions to build a strong AI governance strategy.

What You’ll Learn:
- Artificial Intelligence 101: Establish a consistent AI definition and distinguish it from ML.
- AI as a New Risk Driver: Identify key risk categories, domains, and frameworks affected by AI.
- Building an AI Inventory & Future Strategy.
- Practical Steps for AI Governance: Evaluate existing governance structures and integrate AI-specific controls.
- Leveraging Technology for AI Compliance: How to use automation, monitoring, and reporting tools for AI oversight.

Strategic AI Governance: Implementing Effective Controls in Financial Services

Artificial Intelligence (AI) has revolutionized how businesses get work done, offering enhanced efficiency and streamlined decision-making. However, AI usage in third-party relationships introduces a host of governance challenges, from ethical considerations and compliance risks to data security and accountability concerns.

Watch Michael Rasmussen, GRC Pundit and principal analyst at GRC 20/20, and Henry Umney, managing director of GRC strategy at Mitratech, as they delve into the complexities of managing AI within vendor ecosystems.

In this on-demand webinar, Michael and Henry:

Examine real-world case studies on the successes and pitfalls of AI governance in third-party contexts.
Navigate the regulatory landscape of AI in third-party engagements.
Review strategies for balancing innovation with ethical responsibility.
Identify best practices for establishing security, accountability, and transparency in AI-powered tools.

How to Govern the Use of AI in Third-Parties with Michael Rasmussen of GRC 2020

Considering the growing dependency on third-party relationships, ensuring the security, compliance, and operational resilience of your vendors and suppliers is more critical than ever. Yet, even the most robust due diligence programs can leave gaps that expose organizations to security, financial, operational, and reputational risks.

Join Bryan Littlefair, past Global CISO of Vodafone Group and Aviva, as he uncovers the most common weaknesses in third-party due diligence approaches and provides practical strategies to address them.

In this webinar, Bryan will:

- Identify the most overlooked areas in third-party due diligence.
- Suggest approaches to enhance risk assessment processes with modern tools and technologies.
- Provide tailored due diligence guidance based on industry and vendor type.
- Examine frameworks and best practices to build a comprehensive due diligence strategy.

Top Tips for Filling in Third-Party Due Diligence Gaps

Third-party risk professionals must prioritise holding vendors and partners accountable to internal cybersecurity standards to mitigate the risks posed by potential cyber-attacks. Building and maintaining resilient relationships with third parties—from the initial contracting phase through the partnership lifecycle—is critical to safeguarding data integrity and ensuring timely, transparent incident reporting. With increasing regulatory focus on cybersecurity, such as the EU’s updated Network and Information Systems Directive (NIS2) and the US Cybersecurity Maturity Model Certification (CMMC), organisations must evaluate their vendors’ cybersecurity readiness and adopt proactive, efficient risk management processes to meet these heightened expectations.

This webinar will explore actionable strategies to establish and enforce strong cybersecurity practices across all third parties, fostering accountability throughout the third-party lifecycle. By identifying high-risk areas and implementing effective monitoring tools, third-party risk professionals can enhance their organisation's defence against vulnerabilities, protect sensitive data, and uphold operational resilience in an era of increasing cyber threats.

Learning Objectives:

- Gain comprehensive visibility into cybersecurity risks across your vendor network.
- Shift from reactive to proactive cyber risk management to align with CMMC and NIS2 regulatory standards.
- Position your third-party risk framework as a cornerstone of enterprise-wide compliance and resilience strategies.
- Recognize the value of an integrated supply chain approach to strengthen incident response capabilities and enhance operational resilience.

Preparing for NIS2/CMMC -  the Evolving Cybersecurity Regulatory  Landscape in 2025

Fourth and Nth parties are the vendors of your vendors – many of which you may not even be aware of. With increasing numbers of supply chain breaches, understanding risks in your extended vendor ecosystem is more critical than ever. The problem is that most risk management programs cannot effectively evaluate threats at all levels of a supply chain without the right visibility.
 
Join Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, as he discusses best practices for gaining deeper risk visibility into your organization's extended fourth and Nth party vendor and supply chain ecosystem.
 
In this webinar, Bob examines:
·    Techniques for discovering and mapping your 4th and Nth-party relationships
·    Strategies for building a deeper and broader vendor risk management database
·    Solutions that can accelerate fourth-party risk identification and remediation
·    Executive and board-level tips for responding to fourth-party incidents
·    Program requirements for avoiding "one-and-done" audit clauses

How to Incorporate 4th Parties Into Your TPRM Program

As trends and advancements in the automotive industry (like autonomous driving or artificial intelligence) continue to drive a flurry of regulatory activity and recalls, maintaining a strong cyber maturity framework has become not only a matter of regulatory compliance – but a critical driver of stakeholder confidence and larger competitive advantage.

Join Mitratech and ETAS for this exclusive webinar, where we will explore practical solutions designed to help automotive risk professionals elevate their cybersecurity posture. This session will highlight the innovative ETAS PROOF model, a proven methodology for enhancing cyber maturity and compliance, and demonstrate how Mitratech’s leading risk platform utilizes the ETAS PROOF model to help organizations stay ahead of ever-changing global regulations.

Key Takeaways Include:
- A Deeper Understanding the ETAS PROOF Model: Dive into ETAS's comprehensive framework for assessing and managing cybersecurity risks in the automotive sector.
- From Framework to Execution: Learn how Mitratech's Alyne platform brings the ETAS PROOF model to life, simplifying ongoing compliance management and enhancing cybersecurity practices across your organization.
- Compliance as a Competitive Advantage: Discover how a robust cyber maturity framework can build stakeholder confidence and differentiate your organization in the marketplace.
- Actionable Insights for Risk Leaders: Gain practical insights and best practices tailored to the needs of CISOs, Heads of Risk, CTOs, Security Managers, Product Security Officers, and PSIRT teams.

Practical Cyber Maturity Solutions for Automotive Risk Professionals

From real-life examples of conducting thorough business impact assessments and protection need evaluations to pinpointing potential compliance weaknesses and disruptions, our experts will guide you through the intricate process of mapping vendors to critical business functions. Ready to bridge the gap between your vendor management and Third-Party Risk Management (TPRM)?  

Join us for our webinar and walk away with insights on how to: 

- Identify and assess which mandatory contract clauses are required for vendors and nth parties to ensure compliance and mitigate risk.
- Link these processes to a robust control framework and regulatory technical standards (RTS) for comprehensive TPRM.
- Highlight and assess critical business functions and their protection needs.
- See this in action within Mitratech’s Alyne solution and learn how it can elevate your risk management and compliance strategies.

Join us to master the intricacies of business impact and vendor risk management and empower your organization with the tools and knowledge to stay resilient and compliant ahead of the DORA deadline in January 2025, with practical steps to achieve readiness within the one-month compliance window.

(German Version) Ensuring Compliance and Operational Resilience Ahead of the January 2025 DORA Deadline

From real-life examples of conducting thorough business impact assessments and protection need evaluations to pinpointing potential compliance weaknesses and disruptions, our experts will guide you through the intricate process of mapping vendors to critical business functions. Ready to bridge the gap between your vendor management and Third-Party Risk Management (TPRM)?  

Join us on for our webinar and walk away with insights on how to: 

- Identify and assess which mandatory contract clauses are required for vendors and nth parties to ensure compliance and mitigate risk.
- Link these processes to a robust control framework and regulatory technical standards (RTS) for comprehensive TPRM.
- Highlight and assess critical business functions and their protection needs.
See this in action within Mitratech’s Alyne solution and learn how it can elevate your risk management and compliance strategies.

Join us to master the intricacies of business impact and vendor risk management and empower your organization with the tools and knowledge to stay resilient and compliant ahead of the DORA deadline in January 2025, with practical steps to achieve readiness within the one-month compliance window.

Ensuring Compliance and Operational Resilience Ahead of the January 2025 DORA Deadline

Third-party relationships are both essential and risky. Look no further than Change Healthcare, National Public Data, or Snowflake to see how an incident involving one of your vendors, suppliers, or partners can have far-reaching implications for your organization—from financial losses to reputational damage and regulatory penalties.
 
Join Dave Shackleford of Voodoo Security as he explores the hidden vulnerabilities of third-party partnerships and why they demand your organization’s immediate attention.
 
In this webinar, Dave will:
- Review common oversight areas in third-party risk management that lead to incidents.
- Delve into the latest regulatory trends surrounding third-party cybersecurity compliance.
- Examine the ripple effects of third-party breaches.
- Identify best practices for assessing, monitoring, and remediating risks in your third-party ecosystem.
 
This webinar will equip your team with the knowledge and tools to strengthen your cybersecurity posture and protect your business from the unexpected.

Why You Should Take a Third-Party Breach Seriously

The AICPA SOC 2 has become an industry-standard framework that third-party vendors and suppliers can use to supplement a risk assessment. So, how do you interpret and mitigate risks identified in a vendor SOC 2 report in a way that's consistent with your third-party risk management (TPRM) program?

In this webinar, Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, explores the intersection of SOC 2 and TPRM, focusing on how to align SOC 2 audits with your program.

Join Bob as he examines:

- The "when" and "why" for using a SOC 2 report as part of a risk assessment.
- Best practices for mapping SOC 2 controls into common vendor risk and security frameworks.
- Tools and techniques for effective vendor risk assessment and monitoring.

SOC2 Best Practices

Performing due diligence is pivotal in identifying, assessing, and mitigating risks associated with third-party relationships. One of the biggest trends in third-party risk management (TPRM) is managing various types of third parties, diverse activities, and approaches to due diligence, all while adopting a risk-based strategy. So, where do you start?

Join Samira Duijnmayer of Booking.com as she leverages her experience to share insights on how robust due diligence processes can serve as the backbone of effective TPRM programs.

In this webinar, Samira will discuss:
- The importance of risk-based due diligence
- What are the minimum requirements for due diligence
- What activities apply to high-risk third parties
- Tips and best practices for managing third parties
- Tactics and to educate and manage and mitigate fourth, and Nth-party risk
- Whether you are a compliance officer, risk manager, or procurement specialist, this webinar will equip you with the knowledge and tools needed to implement a risk-based approach to third-party due diligence. 

One of the biggest trends right now is managing multiple types of third parties, different activities and approach to due diligence and taking a risk based approach to this.

Risk-Based Approach to TPRM Due Diligence

Although the AICPA SOC 2 report has become a go-to for third-party vendors and suppliers to submit as a risk assessment, the reports themselves can be complex, time-consuming, and confusing. So, what do you need to know?

Join compliance experts Thomas Humphreys and Sophie Pothecary in this interactive session as they answer the top questions we've received surrounding SOC 2 and third-party risk management (TPRM).

In this webinar, Thomas and Sophic will answer:
- Who is required to have a SOC 2 report?
- How do you know the SOC 2 report includes the scope relevant to your TPRM program?
- Are there any drawback to using a SOC 2 report?
...and more!

SOC 2 & TPRM: Your Questions Answered

The National Institute of Standards and Technology (NIST) is behind several risk management guidelines widely adopted across public and private sectors. Several publications - including Special Publication (SP) 800-161, SP 800-53, and the Cybersecurity Framework (CSF) 2.0 - contain guidance related directly to managing third-party and supply chain risks. But with hundreds of controls, where do you start?

Join compliance experts Thomas Humphreys and Sophie Pothecary in this interactive session as they answer the top questions we've received surrounding NIST and third-party risk management (TPRM).

In this webinar, Thomas and Sophie will answer:
- Which NIST controls to focus on, and what happens if you leave out an important one?
- Are there common control areas?
- NIST guidelines and risk appetites?
...and more!

NIST & TPRM: Your Questions Answered

GRC – short for Governance, Risk, and Compliance – is the alignment of processes, technologies, and people in an organization with a repeatable framework for risk-based decision-making. But considering the growing number of data breaches involving a vendor, supplier, or other third party, third-party compliance requirements, and supply chain disruptions, does a GRC solution go far enough to address third-party risks? And does it offer any advantages over a third-party risk management (TPRM) solution?

Join third-party risk management expert Tom Garrubba as he leverages his experience to explore the differences between GRC and TPRM solutions.

In this session, Tom will:
- Define what is involved in GRC
- Explain how third-party and GRC are related
- Review the pros and cons of GRC and TPRM solutions
- Identify the use cases for both GRC and TPRM solutions in your enterprise
- Share best practices for proactively addressing risks in the extended enterprise

Understanding the nuances and relationship between GRC and TPRM can help you proactively address and mitigate risks facing your organization.

GRC vs TPRM: How They Work Together

ISO 27001 is an internationally recognized information security standard used in more than 100 countries. When it comes to third-party risk management, it provides a clear framework for identifying and managing supplier risk. However, how do you know if you're applying it correctly?
Join compliance experts Sophie Pothecary and Thomas Humphreys as they discuss how ISO 27001 applies to managing third-party risk and strategies to use the framework to measure your TPRM program's success.
In this interactive webinar, Sophie and Thomas will:
• Introduce the ISO 27001 standard
• Define how to map TPRM practices to the Information Security Management System (ISMS) and ISO controls
• Identify which key controls are the most impactful
• Examine ways to translate these controls into actionable key performance indicators (KPIs) and key risk indicators (KRIs)
• ...and more!

ISO 27001 to create TPRM KPIs & KRIs

KPIs, KRIs and Management Reporting for Effective TPRM
 
Maintaining a strong third-party risk management (TPRM) program means understanding key performance and risk metrics and clear management reporting at all levels. However, measuring risk from third parties can be complex, requiring you to translate obscure metrics into potential business impacts. And, once you define ways to measure risk, you still need benchmarks and standards to compare your program's effectiveness.
 
Join Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, as he guides you through how to correlate performance and risk metrics for more informative, business-aligned TPRM program reporting.
 
In this webinar, Bob will share practical tips for:
- Defining and implementing meaningful and actionable TPRM KPIs and KRIs
- Leveraging risk triggers to unearth your major pillars of risk
- Fostering a "collective risk management" framework in your organization
- Evolving TPRM metrics from checklists to continuous risk management
- Incorporating KPIs and KRIs into effective management reporting at all levels

KPIs, KRIs and Management Reporting for TPRM

As organizations rely more on third-party vendors and complex supply chains, managing cyber risk within these external relationships has become critical. But with so many standards, how do you know which is right for your organization?

Join compliance experts Thomas Humphreys and Sophie Pothecary as they explore how common National Institute of Standards and Technology (NIST) supply chain security frameworks can be applied to enhance visibility, control, and risk mitigation in third-party and supply chain environments.

During the webinar, Thomas and Sophie will:
- Examine the core components of key NIST cybersecurity frameworks and how they apply to supply chain risk management.
- Review real-world examples of successful NIST control implementation, including best practices for improving supplier compliance.
- Discuss practical strategies to assess, monitor, and mitigate risks associated with third-party vendors using the NIST frameworks.
- Reveal actionable insights on how to implement continuous monitoring to detect and respond to emerging threats in the extended enterprise.

How to Use NIST Cybersecurity Frameworks to De-Risk Third-Party and Supply Chain Management

NIST

TPRM

Third-Party Risk Management

Supply Chain

Supplier Risk

NIST Frameworks

Supply Chain Risk Management.

Compliance

Enterprise Risk

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to Use NIST Cybersecurity Frameworks to De-Risk Third-Party and Supply Chain Management

Presented by

About this talk

More from this channel