Latest news with #TPRM
Entrepreneur
14-06-2025
- Business
- Entrepreneur
Entrepreneur UK's London 100: Risk Ledger
Industry: Cybersecurity Haydn Brooks, CEO and co-founder, founded Risk Ledger to solve the efficiency and effectiveness flaws at the heart of third-party risk management (TPRM). It's no longer enough to focus solely on the security of direct suppliers and partners. "Recent attacks like SolarWinds, Log4J, and MOVEit Transfer have shown how vulnerabilities in the extended supply chain – beyond just third parties – can cause serious harm. Today's complex, interconnected supply chains require a new approach," says Brooks. Risk Ledger brings together security teams at client organisations with those of their suppliers and industry peers, creating a community that can Defend-as-One against supply chain attacks. This shifts TPRM from being a reactive, administrative risk management task to becoming a form of active cyber defense.
Zawya
21-05-2025
- Business
- Zawya
UAE born Genesis Platform ignites a new era of AI-driven third-party cyber-risk management for the GCC
Third-Party Risk Management (TPRM) is the discipline of identifying, assessing, and continuously monitoring the cybersecurity posture of the hundreds or even thousands of external vendors, suppliers, and partners modern enterprises rely on. Because every connected third party can become an attacker's entry point, TPRM has become a board-level priority across banking, energy, government, and beyond. Genesis Platform, the UAE-built platform that automates this entire lifecycle, today announced the GCC rollout of its next-generation TPRM solution while simultaneously showcasing the platform inside the official UAE Pavilion at GITEX Europe (Berlin, 21–23 May 2025). The launch comes at a pivotal moment: the Middle East records the world's second-highest breach costs averaging US $8.75 million per incident. Why the Timing Is Perfect for the GCC Regulatory Pressure: The UAE Central Bank's Outsourcing Regulation requires banks to prove robust third-party oversight. Central Bank Rulebook Saudi Arabia's National Cybersecurity Authority (NCA) mandates a documented third-party cybersecurity policy in its Essential Cybersecurity Controls. Digital-Economy Ambitions: The UAE's 2031 vision and the region's broader digital-economy strategies hinge on trusted supply chains and secure data interchange. CybersecAsia The UAE's 2031 vision and the region's broader digital-economy strategies hinge on trusted supply chains and secure data interchange. CybersecAsia Escalating Risk & Cost: Breach costs in the Middle East rose nearly 9 % in the past year, outpacing global averages. The National The UAE's First Home-Grown Third-Party Cyber-Risk Platform Engineered for the Gulf's evolving threat landscape, Genesis gives UAE organisations a clear benchmark of their own and their vendors' cyber-security maturity. By fusing real-time external-attack-surface data with AI-driven analytics, the platform delivers actionable insights that go far beyond traditional vendor scorecards. What Makes Genesis Different Legacy Approach Genesis Advantage Static questionnaires that delay onboarding by weeks AI Auto-Fill cuts vendor response time by up to 90 % One-off assessments Continuous outside-in scanning (DNS, misconfig, breach intel) keeps scores live Siloed spreadsheets Unified dashboard mapping scores to Global standards like ISO 27001, DORA, GDPR and more Manual remediation follow-up AI-generated fixes and workflow tracking built in Availability Genesis is now inviting GCC organisations to join its Early Adopter Programme, offering: 20-day full-feature trial Complimentary vendor-portfolio scan (up to 10 suppliers) Executive risk briefing aligned to local regulations About Genesis Genesis is the GCC's first home-grown, AI-powered third-party cybersecurity risk-management platform. Headquartered in Ras Al Khaimah, the company's mission is to accelerate secure digital transformation by eliminating manual questionnaires and delivering real-time vendor intelligence.
Associated Press
14-05-2025
- Business
- Associated Press
SAFE Recognized as a Representative Vendor in the 2025 Gartner® Market Guide for Third-Party Risk Management Technology Solutions
SAN FRANCISCO, May 14, 2025 /PRNewswire/ -- SAFE, the leader in autonomous cyber risk management, today announced it has been named a Representative Vendor in the 2025 Gartner Market Guide for Third-Party Risk Management (TPRM) Technology Solutions. The Market Guide, published by Gartner analysts on May 5, 2025, provides insights into the evolving TPRM landscape and guidance for organizations evaluating technology solutions to manage growing third-party risks across cybersecurity, compliance, procurement, legal, and supply chain functions. What Gartner Says About SAFE TPRM Gartner notes that 'SAFE TPRM empowers data-driven, risk-based decisions with continuous visibility and automation. Built on open standards such as FAIR-CAM and FAIR-MAM, it integrates threat intelligence, inside-out/outside-in monitoring, and automation to unify first- and third-party cyber risk, enhancing scalability and trust.' According to Gartner, 'the market is fragmented: integration, scalability, and automation are major differentiators.' The report highlights that vendors are investing in 'integrated, cross-functional solutions to better serve diverse stakeholders across the enterprise' and that there is a 'growing interest in AI and automation to handle the complexity and labor intensity of TPRM.' What SAFE TPRM Does SAFE's Autonomous TPRM platform is powered by Agentic AI, an intelligent, autonomous AI framework purpose-built to reduce manual effort, increase coverage, and accelerate third-party risk management without increasing headcount. SAFE's Agentic AI enables enterprises to move from fragmented, manual TPRM workflows to a unified, continuous, and autonomous approach — delivering real-time, actionable insights across the entire vendor ecosystem. 'SAFE's inclusion in the Gartner Market Guide reinforces our commitment to disrupting the status quo in third-party risk management,' said Saket Modi, CEO & Co-Founder at SAFE. 'We're proud to lead the shift from reactive, manual approaches to proactive, autonomous TPRM powered by 25+ specialized TPRM AI Agents.' SAFE's AI-powered TPRM platform empowers organizations to: Experience SAFE TPRM Experience SAFE's Autonomous TPRM platform powered by Agentic AI. Take a test drive at About SAFE SAFE is redefining cyber risk management with Agentic AI. By leveraging Agentic AI, SAFE not only assists but autonomously drives actions across Enterprise and Third-Party Risk Management. SAFE is the first vendor to deliver 100% automated Third-Party Risk Management powered by Agentic AI. The SAFE platform empowers organizations to operationalize and scale cyber risk management with unmatched efficiency. Global leaders like Google, Fidelity, T-Mobile, Chevron, Peloton and more trust SAFE to scale their cyber risk programs with speed, accuracy, and radical efficiency. Learn more at View original content to download multimedia: SOURCE SAFE
Business Wire
07-05-2025
- Business
- Business Wire
ProcessUnity Introduces Generative AI Technology for Intelligent Questionnaire Scoping and Instant Controls Validation for Third-Party Risk Management
CONCORD, Mass.--(BUSINESS WIRE)--ProcessUnity, The Third-Party Risk Management Company, today introduced Evidence Evaluator, groundbreaking generative AI that reduces the manual lift of assessing and validating third-party security controls. A key component of ProcessUnity's leading Third-Party Risk Management (TPRM) Platform, Evidence Evaluator automatically reviews third-party evidence and populates assessment responses complete with references to the specified evidence in the source documents. "Evidence Evaluator is purpose-built for third-party risk management. It delivers confidence, precision, and speed right where customers and their third parties need it most: vendor assessments." For third-party risk teams overwhelmed by the hours spent reading security policies, SOC 2 reports, ISO 27001 certifications, and other evidentiary documentation, Evidence Evaluator delivers a more consistent, accurate, and faster alternative. The technology analyzes third-party evidence, generates responses to questionnaires with supporting rationale and page reference locations, and flags any discrepancies in a third-party's controls. Unlike other AI-based TPRM assessment tools on the market, Evidence Evaluator stands out because it prioritizes: Accuracy – Built and trained on ProcessUnity's expansive cybersecurity large language model that delivers highly relevant reasoning behind each contextual result to reduce assessor review cycles. Privacy – Built and trained in-house, with strict data protections in place. All data is encrypted in transit and at rest, and user-provided inputs are discarded after processing. Flexibility – Created as framework-agnostic, Evidence Evaluator recognizes the nuances in language between different standards, regulations, and custom assessments. Adaptability – Continuously updated through automated retraining, the dataset and resulting platform evolves to keep up with changes in industry language and regulations. Integration – Embedded directly into the ProcessUnity TPRM platform, Evidence Evaluator eliminates the need for separate AI tools or manual integrations. 'We invested heavily in developing this advanced GenAI model to deliver far more than a generic, open-source tool,' said Dan Tobin, Senior Director of Analytics at ProcessUnity. 'Evidence Evaluator is purpose-built for third-party risk management. It delivers confidence, precision, and speed right where customers and their third parties need it most: vendor assessments. And because it's fully integrated into our platform, teams can realize these benefits immediately.' Built to Review the Documents That Define Third-Party Risk Posture Trained using the world's most comprehensive Third-Party Risk Management Large Language Model (LLM), Evidence Evaluator reads and understands virtually any document submitted as part of the vendor assessment process, accurately analyzing and interpreting the documents your team relies on to validate third-party controls. Examples include: Statement of Controls Reports (SOC 1, SOC 2, etc.) Certifications (ISO 27001, etc.) Completed Questionnaires (SIG Core, SIG Lite, etc.) Compliance Attestations (GDPR, CCPA, etc.) Information Security Policies & Procedures Business Continuity / Disaster Recovery Plans Whether your third parties provide formal audit reports or internal policies, Evidence Evaluator extracts relevant insights and translates them into accurate, defensible responses, helping your team move from document review to decision faster than ever before. About ProcessUnity ProcessUnity is the Third-Party Risk Management company. Our software platforms and data services protect customers from cybersecurity threats, breaches, and outages that originate from their ever-growing ecosystem of business partners. By combining the world's largest third-party risk data exchange, leading TPRM workflow platform, and powerful artificial intelligence, ProcessUnity extends third-party risk, procurement, and cybersecurity teams so they can cover their entire vendor portfolio. With ProcessUnity, organizations of all sizes reduce assessment work while improving quality and securing intellectual property and customer data so business operations continue to operate uninterrupted. To learn more about Evidence Evaluator or to request a demo, visit our Evidence Evaluator page on the website.
