Third-party risk management (TPRM) assesses and monitors the security of vendors, contractors, and business partners who access your systems or data.
Target breach started with HVAC vendor credentials. Controls: security questionnaires, contractual security requirements, least-privilege vendor access, monitoring vendor connections, right-to-audit clauses in contracts.