Third-Party Risk Management (TPRM)

Third-Party Risk Management is the broader organizational practice of managing all categories of risk introduced by external vendors and partners, including cybersecurity, operational, financial, compliance, reputational, and geopolitical risk. Third-Party Cyber Risk Management (TPCRM) operates within TPRM. When the conversation is specifically about cyber risk, TPCRM is the more precise term.