Chapter 4: Third‐Party Risk Management

Third‐Party Risk Management (TPRM) is the process of identifying, assessing, and controlling the risks that arise throughout the lifecycle of a relationship with a third party. The Office of the Comptroller of the Currency (OCC) defines a third‐party relationship as any business arrangement between a company and another entity, by contract or otherwise. Third parties perform a wide range of activities and services, both on site and off, from landscaping and cleaning services to managing intellectual property, processing customer data, running outsourced business functions, and countless others. Businesses also engage third parties to grow the business (e.g., to attract and retain customers) or to improve internal efficiency (e.g., to let staff work smarter, not harder).

The average company has nearly 600 vendors with access to customer personally identifiable information (PII), and nearly 90 vendors on average connect to a company's network in a given week. Because these vendors can reach your customer data or your network, performing due diligence on them is crucial. TPRM gathers the relevant information about each vendor, reviews it, and provides guidance on the risks the vendor presents. It is an end‐to‐end process that runs from vendor intake through offboarding once the service is no longer needed.

Five main areas make up Third Party Risk Management:

  • Reputation risk: The threat or danger ...
