Where risk management meets strategic advantage. Explore innovative solutions and breakthrough insights with your Connected Enterprise GRC across Cyber Risk, TPRM, MRM, EUC Management and IT Risk. Turn regulatory complexity into business opportunity.  

The only way to ensure your plan does not have any vulnerabilities or gaps is to test it regularly, and a great way to test your plan is through a tabletop exercise. Join us for an educational webinar on enhancing your active shooter emergency response planning through a tabletop exercise. Our Senior Consultant, Doug Langley, will equip participants with the tools and knowledge to ensure the effectiveness of their emergency plans.

Key topics include:
- Preparing for an active shooter
- Overview of tabletop exercises
- Live run-through of an active shooter tabletop exercise in a safe and controlled environment
- After action discussion

Watch now for an abbreviated tabletop exercise that will help expose gaps or vulnerabilities in your response plans and suggestions for patching them.

Active Shooter Tabletop Exercise

In an era where unexpected disruptions, ranging from nationwide cellular outages to localized flooding, can strike at any moment, the efficacy of your organization's business continuity plan becomes paramount. Can you confidently say that your plan is comprehensive enough to address the challenges posed by various disasters? The surefire way to validate and fortify your preparedness is through rigorous testing. But where do you start?

We cover pivotal testing topics, including:
- Types of disasters to plan for
- The lifecycle of testing
- Tabletop exercises and their significance
- Post-test action items
- Utilizing software to test your plan

Watch now to ensure your business continuity plan not only stands up to scrutiny but evolves as a shield against the unpredictable challenges of the modern business landscape.

How to Use Testing to Effectively Prepare & Respond to Disasters

In the time it takes to drink your morning coffee, discover the three overlooked pillars that help top-performing companies stay resilient while others stumble. In a world where a single outage or third-party failure can bring operations to a halt, resilience isn’t just protection, it's a competitive advantage.

This episode gives you clear, practical takeaways you can use immediately to strengthen your resilience strategy and eliminate the blind spots that put your business at risk.

In this fast-paced episode, you will learn:
- What truly matters in your business and how to pinpoint your real critical services.
- How to design for disruption so operations continue even when key providers fail.
- How to uncover hidden dependencies and concentration risks before they become crises.
- How repeatable playbooks and the right tech turn chaos into coordinated response.

You’ll walk away with a simple, actionable blueprint for building a business that doesn’t break under pressure but stays ahead of it.

The Resilience Blueprint: The Three Pillars Top Companies Use That Others Overlook

Who owns third-party risk? If your answer is “vendor management,” that’s the first blind spot. Fragmented workflows across legal, compliance, risk, and procurement let issues slip through the cracks—turning isolated gaps into organization-wide incidents. Cross-department collaboration isn’t optional; it’s the control.

In this session, legal and risk experts Liz Lugones and Madeline Reigh will explore how to break down silos between departments, build a unified strategy, and strengthen your organization’s ability to anticipate, manage, and respond to third-party threats.

Key Discussion Points:
- The ripple effect of risk: Why third-party incidents create consequences across legal, compliance, and business operations.
- Legal’s role in vendor risk: From contract enforcement to breach response, how legal is central to third-party governance.
- Breaking silos for better outcomes: Practical steps to align teams, improve visibility, and strengthen incident response.
- Technology as the connector: How automation and data-driven insights can bridge gaps across departments.

Beyond the Breach: Uniting Legal, Risk & Compliance Against Third-Party Threats

Interconnected risks are no longer just a concept - they're a daily reality.
From cybersecurity and compliance to third-party and operational threats, today’s organizations face a web of risks that don’t sit neatly in silos. Navigating this demands more than just isolated controls - it calls for strategic alignment, real-time visibility, and cross-functional collaboration.

Join Mitratech and ACI Worldwide for a live webinar exploring how leading companies are rethinking their risk strategies and using modern technology to connect the dots.

What You’ll Learn
- How overlapping risks are emerging across compliance, cyber, operational, and third-party domains
- Why managing risks in silos is no longer sustainable - and what to do instead
- Real-world examples of integrated risk strategies in action
- How to use technology and automation to break down barriers and drive smarter decisions
- Practical insights into building a unified risk culture across teams and regions

Discover how to build a smarter, more connected approach to managing today’s complex risk landscape.

Interconnected Risks: Moving from Concept to Action

Artificial intelligence is transforming the landscape of risk and compliance offering both extraordinary opportunities and unprecedented challenges. 

In this thought-provoking session, Laura Jacobus, Strategic Advisor in Integrated Risk Management at Mitratech, explores how compliance and risk leaders can harness AI responsibly to elevate their programs, streamline operations, and anticipate emerging regulatory expectations.

Drawing from her extensive experience leading corporate compliance functions and advising global enterprises, Laura discusses how AI is already reshaping policy management, investigations, monitoring, and reporting. She highlights real-world use cases where AI drives efficiency and insight  as well as common pitfalls organizations face when governance and oversight lag behind adoption.

Participants will gain practical guidance on:
- Establishing robust AI governance frameworks aligned with DOJ guidance and enterprise risk management principles.
- Assessing and mitigating third-party and vendor AI risks.
- Preparing for the evolving roles of Chief AI Officers and cross-functional oversight committees.
- Balancing innovation with privacy, ethics, and human oversight to ensure compliance integrity.

Whether you’re an AI enthusiast eager to modernize your compliance program or a cautious leader navigating the risks of automation, this session will equip you with strategies to lead confidently into the next era of compliance excellence.

The Future of AI for Compliance Champions

Artificial Intelligence (AI) has revolutionized how businesses get work done, offering enhanced efficiency and streamlined decision-making. However, AI usage in third-party relationships introduces a host of governance challenges, from ethical considerations and compliance risks to data security and accountability concerns.

Watch Michael Rasmussen, GRC Pundit and principal analyst at GRC 20/20, and Henry Umney, managing director of GRC strategy at Mitratech, as they delve into the complexities of managing AI within vendor ecosystems.

In this on-demand webinar, Michael and Henry:

Examine real-world case studies on the successes and pitfalls of AI governance in third-party contexts.
Navigate the regulatory landscape of AI in third-party engagements.
Review strategies for balancing innovation with ethical responsibility.
Identify best practices for establishing security, accountability, and transparency in AI-powered tools.

How to Govern the Use of AI in Third-Parties with Michael Rasmussen of GRC 2020

The Third-Party Risk Ecosystem is Under Pressure. Are You Positioned to Withstand It?

From regulatory upheaval to resource strain, third-party risk management (TPRM) is facing a watershed moment.

In this exclusive session in partnership with OCEG, GRC visionary Michael Rasmussen and Mitratech’s Henry Umney unpack the current state of the TPRM ecosystem - its pressures, imbalances, and opportunities through the lens of new research and deep industry experience.

Grounded in insights from Rebalancing the Risk Ecosystem: The 2025 Mitratech TPRM Study, this conversation dives into a risk environment where the canopy is expanding, but the roots remain undernourished.

What You’ll Learn:
- Why nearly 70% of TPRM programs remain understaffed, managing less than half their vendor base
- How increasing regulatory scrutiny is reshaping the role of compliance in third-party risk
- Where organizations are struggling with manual tools and fragmented oversight
- How AI adoption is gaining cautious momentum and what early adopters are doing differently
- What resilient TPRM looks like in 2025 and how to start rebalancing your own ecosystem

This is your chance to hear directly from two of the most respected voices in the space as they explore what’s next for organizations navigating a complex, evolving, and deeply interdependent risk environment.

The State of Third-Party Risk Management in 2025

In today’s unpredictable landscape, chaos is inevitable — but disruption doesn’t have to derail your business. "Getting Through the Chaos: Why Business Continuity Planning Matters" explores the critical steps organizations must take to stay resilient when incidents strike. From the first-hour response and role alignment to supply chain risks, vendor recovery, and crisis communications, our experts break down what it takes to keep operations running when it matters most.

Getting Through the Chaos: Why Business Continuity Planning Matters

As we move through 2025, organizations are navigating a rapidly changing landscape of technological advancements, regulatory updates, and evolving risks. Now is the time to evaluate how these developments are shaping third-party vendor and supplier risk management (TPRM) strategies.

Join TPRM experts Alastair Parr and Sophie Pothecary as they reflect on recent industry shifts and explore the trends driving TPRM programs throughout 2025.

In this webinar, Alastair and Sophie discuss:
- Regulatory Changes: Key regulations influencing third-party risk strategies and compliance requirements this year.
- Technology Integration: How AI and machine learning are transforming risk assessments and decision-making processes.
- Supply Chain Vulnerabilities: The latest impacts of global supply chain disruptions and strategies to mitigate related risks.
- Cybersecurity Landscape: Emerging cyber threats and their implications for third-party relationships and risk exposure.
- Best Practices for Adaptation: Actionable strategies for evolving risk management frameworks to meet today’s challenges and prepare for what’s ahead.

Third-Party Risk Management: What to Expect in 2025

In the time it takes to drink your morning coffee, discover how retailers across Europe and the UK can strengthen business continuity in the face of today’s most pressing threats. From cyberattacks and supply chain disruption to shifting consumer behaviors and regulatory pressures, resilience is becoming the new competitive advantage.


In this fast-paced episode, you will learn:

- Why continuity planning must go beyond traditional disaster recovery.
- The top modern threats facing EU/UK retail today.
- Practical steps to safeguard operations and customer trust.
- How to align continuity strategies with evolving EU and UK regulations.

The GRC Morning Coffee Show | Retail in Crisis: Building Continuity Planning in the Face of Modern Threats

As organizations rely on an increasingly complex network of vendors and suppliers, risks from third parties are also becoming more complicated. However, emerging artificial intelligence (AI)-related technologies offer new opportunities to streamline third-party risk management (TPRM) processes and keep pace with the constantly evolving risk landscape.

In this webinar, Michael Rasmussen, The GRC Pundit & Analyst at GRC 20/20 Research, dissects the top five ways you can leverage AI in your TPRM program.

Join Michael as he:

* Explores the impact of AI on TPRM processes
* Provides strategies to identify and mitigate risks with AI-driven analytics
* Examines how to streamline your existing program and free up valuable time
* Reveals how TPRM teams can use AI to address regulatory mandates
* Demonstrates how AI technology can ensure long-term TPRM sustainability

AI technologies offer unparalleled opportunities to manage a rapidly changing third-party risk landscape. Register for this webinar to learn how AI can benefit you.

How to Use AI in Third-Party Risk Management

In the time it takes to drink your morning coffee, discover why End-User Computing (EUC) from traditional spreadsheets to more modern technologies like Python remains one of the biggest hidden risks in global organizations. Explore why Digital transformation projects don't eliminate all EUCs and with AI adoption users can now create ever more complex EUCs and how renewed regulatory attention and posing significant compliance risks.

In this fast-paced episode, you will learn:
- Why EUC risks are resurging on the global risk agenda.
- The hidden dangers of unmanaged spreadsheets and user-built tools.
- How regulators are signaling closer scrutiny of EUC governance.
- Practical steps to bring transparency and control to your EUC environment.

Don’t miss this essential coffee break for risk leaders who need to regain control over hidden EUC risks.

The GRC Coffee Morning Show - Why EUC Is Relevant Now More Than Ever

The EU Digital Operational Resilience Act (DORA) introduced a new regulatory framework designed to strengthen the resilience of financial entities against ICT-related incidents and third-party risks. How prepared is your organization to address DORA requirements with the impending January 2025 compliance date?

Join our expert speakers, Gareth Stinton, Cyber Security Specialist, and Connor Conlan-Coke, Cyber Security Consultant at Toro Solutions, as well as Alastair Parr, SVP of Global Products & Services at Prevalent, as they delve into the third-party risk management intricacies of DORA and offer actionable strategies to ensure compliance and safeguard your organization against ICT risks.

In this webinar, our experts share:
- A comprehensive roadmap to achieving and maintaining compliance with DORA, highlighting key requirements and timelines.
- Best practices for identifying, assessing, and managing risks associated with third-party vendors and service providers.
- Insights into the evolving ICT threat landscape and how to defend against them.
- Real-world case studies showcasing successful DORA TPRM strategies.

A well-structured TPRM program puts your organization on a path to DORA compliance. Don't miss this opportunity to stay ahead of emerging threats and regulatory requirements.

Navigating DORA and TPRM: Ensuring Compliance and Operational Resilience

In the time it takes to drink your morning coffee, discover how your financial institution may already be exposed to unmonitored AI - and what you can do about it.

AI is rapidly spreading through vendor ecosystems in financial services, often without full visibility or oversight. From algorithmic trading partners to outsourced customer analytics, your third parties could be using AI in ways that increase your regulatory, operational, and reputational risk.

In this fast-paced episode, Henry Umney and Sam Lee break down:
- Where hidden AI risk lives in your vendor ecosystem
- Why traditional third-party due diligence and model risk reviews are falling behind
- What the SEC, EU, and UK regulators expect on AI accountability
- How leading firms are starting to map and govern AI exposure across their supply chain

If you touch TPRM, model risk, compliance, or enterprise risk in financial services, this episode delivers focused insight and clear next steps - no fluff.

The GRC Coffee Morning Show - Unknown AI, Known Risk: Managing AI Exposure in the Financial Services Vendor Ecosystem

The EU's NIS2 Directive introduces new cyber security requirements to enhance the resilience of critical sectors against growing cyber threats.

Join Toro Solutions and Mitratech risk and compliance experts as they explore the key provisions of NIS2, focusing on risk assessment, incident reporting, and third-party risk management requirements.

In this webinar, our experts share: 
- The key essential requirements of NIS2 and the practical steps your organization can take to meet them.
- Best practices for managing cyber security risks and securing supply chains
- Insights into the evolving cyber threat landscape and how to protect your organization

Mastering Third-Party Risk Management Compliance Requirements in NIS2

AI has transformed how organizations conduct their work. But for every improvement in productivity that AI delivers comes risk - data security, transparency, bias and more. How can organisations understand the types of risk exposures arising from AI and its growing and pervasive application across industries?

In this webinar, risk management experts from 3VRM and Mitratech will examine how to ensure your third parties have the proper controls over their usage of AI. 

The webinar will:
- Identify tools to integrate AI as a risk domain.
- Review the impact of the EU AI Act and other AI-related legislation in determine third-party preparedness.
- Examine the roles involved in managing AI risk: Who owns AI risk, who is responsible for managing it.

Clarify oversight and risk management mechanisms required to ensure AI governance.

This webinar will deliver the guidance and best practices necessary to ensure third party AI usage aligns with your organization's governance standards.

How to Manage the Rise of AI in Third-Party Risk Management

As organizations wake up to the looming threats posed by third-party entities, security and risk management teams are beginning to realize that a truly effective third-party risk management (TPRM) program requires more than just fancy tech - it hinges on seamless internal communication and bulletproof processes. Yet, for most organizations, the conversation still often starts with tech.

Join Eric Brown, CISO at Cytokinetics, for a lively Q&A-style webinar as he examines the key steps in transforming TPRM into a business conversation easily understood across the enterprise.

Eric in this session:

- Explains how he creates awareness of third-party risks throughout the organization, including quantifying the potential impact of an incident to operations

- Diagrams key processes and program mechanics, including attributes used for vendor and supplier profiling and tiering, risk dispositioning, and escalation

- Discusses how to maintain ongoing engagement with the board, compliance, legal, and other executive teams by transforming third-party risk into a business conversation

Whether establishing a new TPRM practice or maturing an existing program, this webinar will help you think about the non-technical attributes of a well-managed program.

CISO Interview: How to Build a Business Case for TPRM

The Shared Assessments Standard Information Gathering (SIG) questionnaire is a key component in many companies' vendor risk management programs, serving as an industry benchmark for assessing third-party controls across 21 risk domains in four key control areas, including Governance & Risk Management, Information Protection, IT Operations & Business Resilience, and Security Incident & Threat Management. Now that the 2025 update is available, what do you need to know?

In this webinar, compliance experts Thomas Humphreys and Sophie Pothecary review key changes and updates to the SIG 2025 questionnaire and share how to leverage new mappings to standards and regulations such as NIST CSF 2.0, NIS2, DORA, and more.

Join Thomas and Sophie as they:
- Introduce the SIG questionnaire and its risk domains.
- Review the top changes and how it compares to 2024.
- Demonstrate how to maximize its value for third-party risk management.
- Recommend steps your TPRM team should take now.

Third-Party Risk Assessments: Updates to SIG 2025

Considering the growing dependency on third-party relationships, ensuring the security, compliance, and operational resilience of your vendors and suppliers is more critical than ever. Yet, even the most robust due diligence programs can leave gaps that expose organizations to security, financial, operational, and reputational risks.

Join Bryan Littlefair, past Global CISO of Vodafone Group and Aviva, as he uncovers the most common weaknesses in third-party due diligence approaches and provides practical strategies to address them.

In this webinar, Bryan will:

- Identify the most overlooked areas in third-party due diligence.
- Suggest approaches to enhance risk assessment processes with modern tools and technologies.
- Provide tailored due diligence guidance based on industry and vendor type.
- Examine frameworks and best practices to build a comprehensive due diligence strategy.

Top Tips for Filling in Third-Party Due Diligence Gaps

Fourth and Nth parties are the vendors of your vendors – many of which you may not even be aware of. With increasing numbers of supply chain breaches, understanding risks in your extended vendor ecosystem is more critical than ever. The problem is that most risk management programs cannot effectively evaluate threats at all levels of a supply chain without the right visibility.
 
Join Bob Wilkinson, CEO of Cyber Marathon Solutions and former CISO at Citigroup, as he discusses best practices for gaining deeper risk visibility into your organization's extended fourth and Nth party vendor and supply chain ecosystem.
 
In this webinar, Bob examines:
·    Techniques for discovering and mapping your 4th and Nth-party relationships
·    Strategies for building a deeper and broader vendor risk management database
·    Solutions that can accelerate fourth-party risk identification and remediation
·    Executive and board-level tips for responding to fourth-party incidents
·    Program requirements for avoiding "one-and-done" audit clauses

How to Incorporate 4th Parties Into Your TPRM Program

Third-party relationships are both essential and risky. Look no further than Change Healthcare, National Public Data, or Snowflake to see how an incident involving one of your vendors, suppliers, or partners can have far-reaching implications for your organization—from financial losses to reputational damage and regulatory penalties.
 
Join Dave Shackleford of Voodoo Security as he explores the hidden vulnerabilities of third-party partnerships and why they demand your organization’s immediate attention.
 
In this webinar, Dave will:
- Review common oversight areas in third-party risk management that lead to incidents.
- Delve into the latest regulatory trends surrounding third-party cybersecurity compliance.
- Examine the ripple effects of third-party breaches.
- Identify best practices for assessing, monitoring, and remediating risks in your third-party ecosystem.
 
This webinar will equip your team with the knowledge and tools to strengthen your cybersecurity posture and protect your business from the unexpected.

Why You Should Take a Third-Party Breach Seriously

GRC – short for Governance, Risk, and Compliance – is the alignment of processes, technologies, and people in an organization with a repeatable framework for risk-based decision-making. But considering the growing number of data breaches involving a vendor, supplier, or other third party, third-party compliance requirements, and supply chain disruptions, does a GRC solution go far enough to address third-party risks? And does it offer any advantages over a third-party risk management (TPRM) solution?

Join third-party risk management expert Tom Garrubba as he leverages his experience to explore the differences between GRC and TPRM solutions.

In this session, Tom will:
- Define what is involved in GRC
- Explain how third-party and GRC are related
- Review the pros and cons of GRC and TPRM solutions
- Identify the use cases for both GRC and TPRM solutions in your enterprise
- Share best practices for proactively addressing risks in the extended enterprise

Understanding the nuances and relationship between GRC and TPRM can help you proactively address and mitigate risks facing your organization.

GRC vs TPRM: How They Work Together

ISO 27001 is an internationally recognized information security standard used in more than 100 countries. When it comes to third-party risk management, it provides a clear framework for identifying and managing supplier risk. However, how do you know if you're applying it correctly?
Join compliance experts Sophie Pothecary and Thomas Humphreys as they discuss how ISO 27001 applies to managing third-party risk and strategies to use the framework to measure your TPRM program's success.
In this interactive webinar, Sophie and Thomas will:
• Introduce the ISO 27001 standard
• Define how to map TPRM practices to the Information Security Management System (ISMS) and ISO controls
• Identify which key controls are the most impactful
• Examine ways to translate these controls into actionable key performance indicators (KPIs) and key risk indicators (KRIs)
• ...and more!

ISO 27001 to create TPRM KPIs & KRIs

Findings from the Deloitte Global Third-Party Risk Management Survey acknowledge growing uncertainties and headwinds in macro-economic and business environments. Despite these headwinds, third-party risk management (TPRM) is essential to a company's security and resilience.
 
In this webinar, Danny Griffiths and Michael Nassar, Partners at Deloitte, will examine insights from the Deloitte survey and recommend tangible actions to help your organization navigate the TPRM headwinds.
 
Join Danny and Michael as they:
- Review key findings from the latest Global TPRM Survey
- Discuss significant macro-economic and business environment challenges impacting TPRM
- Examine the importance of balancing your TPRM program's expectations and capability
- Provide recommendations for developing your TPRM program's priorities or improving its maturity

Deloitte Webinar - TPRM Survey Findings

Third-party data breaches continue to impact organizations across all industries. As we found in our 2023 Third-Party Risk Management Study, 41% of companies reported a third-party breach, and 71% consider third-party security breaches to be a top concern. So, how can you stay on top of the growing number of cyber risks?

Join Dave Shackleford, CEO at Voodoo Security and SANS Senior Instructor, as he shares his insights on the most important steps to prepare your third-party cybersecurity program.

In this webinar, Dave will:
- Examine emerging trends in third-party cybersecurity
- Discuss how to identify the third-party cyber risks that pose the greatest danger to your organization
- Explore ways to reduce software supply chain vulnerabilities - and the latest lessons from the ongoing MOVEit hack
- Review the current state of the NIST Cybersecurity Framework (CSF) draft 2.0
- Provide best practices for your third-party incident response plan

This webinar will deliver insights and a roadmap to help you prioritize cybersecurity in your third-party risk management program in 2024.

Third-Party Cyber: Emerging Trends & What to Do in 2024

Third-Party Risk Management (TPRM)

Performing due diligence is pivotal in identifying, assessing, and mitigating risks associated with third-party relationships. One of the biggest trends in third-party risk management (TPRM) is managing various types of third parties, diverse activities, and approaches to due diligence, all while adopting a risk-based strategy. So, where do you start?

Join Samira Duijnmayer of Booking.com as she leverages her experience to share insights on how robust due diligence processes can serve as the backbone of effective TPRM programs.

In this webinar, Samira will discuss:
- The importance of risk-based due diligence
- What are the minimum requirements for due diligence
- What activities apply to high-risk third parties
- Tips and best practices for managing third parties
- Tactics and to educate and manage and mitigate fourth, and Nth-party risk
- Whether you are a compliance officer, risk manager, or procurement specialist, this webinar will equip you with the knowledge and tools needed to implement a risk-based approach to third-party due diligence. 

One of the biggest trends right now is managing multiple types of third parties, different activities and approach to due diligence and taking a risk based approach to this.

Risk-Based Approach to TPRM Due Diligence

Third Party Risk Management

TPRM

Risk Management

Managed Security

Security

Due Diligence

Nth-party risk

4th Parties

Compliance

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Risk-Based Approach to TPRM Due Diligence

Presented by

About this talk

Mitratech Risk & Resilience