Third-Party Cyber Risk Program Advisory
Kroll helps organizations design, enhance and operationalize third-party cyber risk programs that are scalable, risk-based and aligned to business needs.
Our advisory services support organizations that are building a new program, improving an existing program, preparing for regulatory scrutiny, integrating new technology or scaling assessment activities across a large vendor population.
Services may include:
- TPRM program maturity and gap assessments
- Policy, standard and procedure development
- Vendor tiering and inherent risk methodology
- Assessment model design
- Risk acceptance and exception workflows
- Board, executive and risk committee reporting
- Regulatory alignment and examination readiness
- Operating model design and stakeholder workflow development






