NAVEX：2022年IT风险管理和第三方风险管理的权威指南报告（英文版）

Regardless of IT risk program maturity, an IT risk assessment is a valuable tool. This work will help identify and prioritize the IT-related risks that can lead to a costly security breach or other systemrelated failure. Third-Party Risk and Third-Party Risk Management (TPRM) Third-party risk management (TPRM) is a form of risk management that focuses on identifying and reducing risks relating to the use of third parties (often referred to as “vendors,” “suppliers,” “partners,” “contractors”