Strategy to tactics: How to tackle third-party risk management

On-demand virtual event

The use of third-party vendors has increased exponentially, exposing organizations to high-profile risks like never before. This is why third-party risk management (TPRM) now consistently features on board agendas in forward-thinking companies.

View this virtual event and discover how to build a strategy and implement practical tactics to tackle the common challenges of TPRM.

Session 1: Strategy | Your blueprint for an effective TPRM strategy
Michael Rasmussen, GRC Research Analyst & Pundit at GRC 20/20 Research

Get a blueprint for building an effective, cross-functional strategy for managing third parties in today’s dynamic environment of evolving business, regulatory, and risk challenges.

Organizations need to be fully aware of the risks that can come with third parties and manage them during the entire relationship lifecycle. Without a coordinated strategy for governing third-party relationships, the organization never sees the big picture and fails to put TPRM in the context of business strategy, objectives, and performance.

This session will give you a blueprint to build an effective, cross-functional strategy for managing third parties in today’s dynamic environment of evolving business, regulatory, and risk challenges. You’ll also learn how to:

  • Define a third-party management lifecycle.
  • Establish third-party management ownership and accountability.
  • Avoid common challenges and pitfalls when building your TPRM strategy.
  • Map third-party relationships to objectives, risks, controls, issues, and other GRC areas.
Session 2: Tactics | Why automation is key to a successful TPRM process
Chris Murphey, Director of Customer Success at Galvanize

Discover how to automatically collect and screen vendor information so you can more effectively mitigate risk and provide a consistent onboarding process.

Giving third-party vendors access to your network and data exposes your organization to higher-profile risks. Ideally, a rigorous risk assessment would be performed for each vendor—but that’s unrealistic given the volume of vendors that most organizations deal with.

This is where automating your TPRM process comes in. In this session, we’ll uncover how to automatically collect and screen vendor information so you can more effectively mitigate risk and provide a consistent onboarding process. We’ll also discuss:

  • How to better understand and prioritize your procurement, security, compliance, and risk management departments and the role they play in TPRM.
  • How to integrate the internal and external data you have available to create scoring methods for automated vendor classification and follow-up actions.
  • Actionable steps and resources to start (or mature) your organization’s TPRM process.
Session 3: Demo | How to minimize and manage your third-party risk exposure 
Brad Andrews, Solutions Consultant at Galvanize

See how our solution automates the entire TPRM lifecycle—from onboarding, assessment, and remediation, to performance monitoring and ongoing review.

In recent years, high-profile third-party incidents have negatively impacted the reputations, earnings, and shareholder value of a number of organizations. As a result, investing in TPRM solutions has become a bigger priority for most organizations.

In this session, you’ll learn how we work with customers to manage their entire vendor risk process and minimize exposure to financial, operational, reputational, and security risks from third parties. Discover how our solution, ThirdPartyBond, automates the entire TPRM lifecycle—from onboarding, assessment, and remediation, to performance monitoring and ongoing review.


Michael Rasmussen - GRC Pundit, GRC 20/20 Research
Michael Rasmussen is an internationally recognized pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of enterprise GRC, GRC technology, corporate compliance, and policy management. With 25+ years of experience, Michael helps organizations improve GRC processes, design and implement GRC architecture, and select technologies that are effective, efficient, and agile. He is a sought-after keynote speaker, author, and advisor and is noted as the “Father of GRC” — being the first to define and model the GRC market in February 2002 while at Forrester.
Chris Murphey - Director of Customer Success, Galvanize
Chris Murphey is an internationally and multi-industry experienced, Governance, Risk and Compliance (GRC) professional specializing in Third Party Governance. Most notably, he served as the Director of Vendor Risk Management and Director of Financial Compliance for the world’s largest Pharmacy Benefit Manager (Fortune 22). He currently serves as the Director of Customer Success at Galvanize, where he spends his time ensuring his team provides overall customer success by delivering quick time to value for C-Level Executives looking to operationalize, mature and automate their GRC processes.
Brad Andrews - Sales Engineer, Galvanize


View the virtual event