TPRM Compliance Solutions

Cybersecurity Frameworks

Adhere to guidelines, best practices and standards for identifying, assessing, and managing third-party cybersecurity risks to your organization.

Key Frameworks

• CAIQ - Cloud Security Alliance
• CIS Controls 15 and 17 - Center for Internet Security
• CMMC - U.S. Department of Defense
• Executive Order on Improving the Nation's Cybersecurity
• ISO 27001, 27002 & 27036-2 - International Standards Organization Controls
• NCSC Supply Chain Cyber Security Guidance - UK National Cyber Security Centre
• NIST AI Risk Management Framework - National Institute of Standards and Technology
• NIST CSF v2.0 - National Institute of Standards and Technology
• NIST SP 800-53 - National Institute of Standards and Technology
• NIST SP 800-161 - National Institute of Standards and Technology
• PCI DSS - Payment Card Industry
• SEC Cybersecurity Disclosure Rules - U.S. Securities and Exchange Commission
• SIG Questionnaire - Shared Assessments
• SOC 2 - American Institute of Certified Public Accountants (AICPA)

ESG Regulations

Review and report on environmental, social and governance practices and performance in your extended supply chain.

Key ESG Regulations

• CSDDD - EU Corporate Sustainability Due Diligence Directive
• Corporate Due Diligence and Accountability - EU Draft Directive on Corporate Due Diligence and Corporate Accountability
• CTSCA - California Transparency in Supply Chains Act
• CSRD - EU Corporate Sustainability Reporting Directive
• FCPA - U.S. Foreign Corrupt Practices Act
• Forced Labour Act - Canadian Fighting Against Forced Labour and Child Labour in Supply Chains Act
• German Supply Chain Due Diligence Act
• UK Bribery Act of 2010
• UK Modern Slavery Act of 2015

Industry Guidelines

Follow best practices for assessing, monitoring and mitigating risks associated with your organization's vendor and supplier relationships.

Key Guidelines

• APRA CPS 234 - Australian Prudential Regulation Authority
• DORA - EU Digital Operational Resilience Act
• EBA Outsourcing Guidelines - European Banking Authority
• FCA FG 16/15 - UK Financial Conduct Authority
• FFIEC IT Examination Handbook - Federal Financial Institutions Examination Council
• GxP - Good [Industry] Practice
• Interagency Guidance on Third-Party Relationships - U.S. Federal Reserve, FDIC and OCC
• KYC - Know Your Client
• MAS Guidelines on Outsourcing Third-Party Arrangements - Monetary Authority of Singapore
• NERC - Critical Infrastructure Protection (CIP) Standard
• NERC - Security Guideline for the Supply Chain Cyber Security Risk Management Lifecycle
• NERC - Security Guideline for the Vendor Risk Management Lifecycle
• NY CRR 500 - New York State Department of Financial Services
• OSFI B-10 - Canadian Government Office of the Superintendent of Financial Institutions
• OSFI B-13 - Canadian Government Office of the Superintendent of Financial Institutions
• PRA SS2/21 - Bank of England Prudential Regulation Authority
• TISAX - Trusted Information Security Assessment Exchange

Data Privacy Regulations

Ensure that third-party vendors and service providers are able to safeguard personal information and prevent its misuse.

Key Privacy Regulations

• CCPA and CPRA - California Consumer Privacy Act & California Privacy Rights Act
• GDPR - General Data Protection Regulation
• GLBA - Gramm-Leach-Bliley Act Safeguards Rule
• HIPAA - Health Insurance Portability and Accountability Act
• NIST SP 800-66 - National Institute of Standards and Technology
• NY SHIELD Act - New York State Stop Hacks and Improve Electronic Data Security Act
• PDPA - Singapore Personal Data Protection Act
• Québec Law 25 - Québec Private Sector Act