Drata launches Third-Party Risk Management

Drata has introduced its Third-Party Risk Management (TPRM) offering, empowering customers to identify, evaluate, and monitor third-party risks in one centralized and integrated platform.

  • 11 months ago Posted in

Third-party risk has become a critical element of a strong governance, risk, and compliance (GRC) program, especially when addressing sensitivities with data protection. Drata’s new Risk Trends Report found 83% of security professionals have experienced negative consequences as a result of their current TPRM process or informal oversight process. But investment remains a challenge, with 44% of respondents saying their company may not have the appropriate staff or resources to thoroughly screen third parties.

Drata’s TPRM offering provides security teams with a comprehensive tool for identifying, assessing, and continuously monitoring risks and integrating them with internal risk profiles. This holistic approach ensures a unified, clear view of potential exposures across the entire organization to effectively and efficiently manage third-party risks.

The first phase of Drata’s TPRM capabilities include:

• Vendor Import via Okta SSO integration & Bulk Upload: streamline adding and updating vendors in a Vendor Directory.

• Vendor Impact Analysis: standardize the assessment of Vendor Impact and Impact Level by evaluating data access, operational impact, and more.

• Vendor Questionnaire Responses: gain deeper insight into vendor risk posture.

• Vendor Risks: adding reminders, categorization, and treatment to track and continuously assess the risk of vendors as part of an organization’s risk register.

• Vendor Risk Overview: easily understand, prioritize, and act on all risks across vendors.

• Vendor Insights Dashboard: keep stakeholders up-to-date on the overall risk impact of a current vendor ecosystem.

“Drata helps us extract meaningful insights from across our vendor ecosystem, and prioritize time-sensitive tasks,” said Ylan Muller, Senior IT Manager at FireHydrant. “Our team is able to formalize the tracking and management of third-party related risks and consolidate this workflow into one tool, so that we can remain vigilant in keeping our security program running smoothly.”

“It’s imperative for security professionals to have as much confidence in their third-party ecosystem as they do within the four walls of their own businesses,” said Adam Markowitz, Co-Founder and CEO of Drata. “Drata’s latest offering extends the power of its best-in-class continuous control monitoring to third-party vendors, taking TPRM to the next level.”

Drataverse Digital: Risk and Reward also features additional new capabilities including:

• NIST AI Risk Management Framework (RMF) to proactively set standards, collect evidence, and monitor controls to ensure proper governance of AI adoption across the workforce.

• HRIS integrations, automating the evidence collection and control monitoring for 23+ Human Resources Information Systems.

Talent and training partner, mthree, which supports major global tech, banking, and business...
Renowned non-profit transforms and simplifies its IT operations and efficiency with NinjaOne.
Findings from the SolarWinds 2024 State of ITSM Report showcase several more effective methods for...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
Deployed in minutes without code or consultants, Freddy AI Agent delivers fast time to value,...
Splunk has released The State of Observability 2024 report in collaboration with Enterprise...
99.7% of organizations recognize AI's potential to overcome IT challenges and drive efficiency, but...
Qualys Enterprise TruRisk Management redefines cyber risk operations by unifying diverse security...