TerraTrue, an innovator in privacy, today announced the availability of automated third-party risk management within its privacy platform. Based on structured data, TerraTrue's solution provides a single workflow for every review that protects businesses from third-party risk by tracking responses to surveys and reporting on risk levels based on inputs in real time. TerraTrue streamlines the process of actively managing vendors while keeping data maps up-to-date and governing security and privacy responsibly.
Traditional approaches to third-party risk management
Managing third-party vendors has traditionally been a manual, repetitive, and time-consuming process. When a company is considering a new vendor, privacy and security teams may not even be involved, which creates blind spots when trying to see the overall risk to the company at a high level. Even if those teams are involved, figuring out questions to ask and setting up the questionnaire itself can be time-consuming and difficult to get alignment.
Questionnaires themselves can become bloated with hundreds of questions that cause delays in getting the vendor approved and might not be relevant in terms of highlighting red flags or concerns. As more third parties are brought in, it's an increasingly tough process to manage a repository of vendors that have been evaluated, worked with, deprecated, or in need of re-approval. A data map or internal directory of those vendors can easily become a liability by being out of date and inaccurate.
“There is potential risk any time a controller shares data with a vendor,” said Chris Handman, Co-Founder and COO of TerraTrue. “Events like security breaches can send privacy and security teams scrambling to assemble documentation and suss out what data was involved, how the data is used, and where the data lives outside of the company. TerraTrue ensures any records about your third parties are accurate, up to date, and easily audited. The platform provides a single source of truth to liberate companies from frantic scavenger hunts to find answers.”
TerraTrue protects businesses from risk with customizable thresholds that flag when a partner is high-risk, allowing proactive action to ensure their partners are compliant. TerraTrue also enables businesses to easily set up assessments, customize surveys, layer on risk levels, and streamline data mapping with a complete unified view of third-party lifecycle management.
“Understanding how we share our data and with whom we share it with is really important for our business,” said Chinwe Nwadiora, Privacy Program Manager at thredUp. “We currently use TerraTrue as our single source of truth to track third parties in our data map, and plan to vet new vendors in the future with the platform's third-party assessments.”
Key benefits of TerraTrue's approach to third-party risk management:
TerraTrue offers four out-of-the-box templates with the ability for businesses to import their own questions, add, and/or edit existing questions, or create a third-party assessment from scratch that suits their business requirements. Templates include:
- Infrastructure Security Questionnaire
- Physical & Data Center Security Questionnaire
- Security and Privacy Programs Questionnaire
- Web Application Security Questionnaire
- Workflow customization
Tailored assessments can layer on risk scoring frameworks to specific answers and house all of the types of assessments in one place. If a company has new versions of assessments, they can track responses to those within TerraTrue. TerraTrue's risk scoring framework can layer in risk scores for specific answers, set a threshold for risk on the assessment level, and view risk tags for completed assessments. The platform also has the capability to automatically trigger re-assessments on a user-defined basis to keep vendor profiles accurate and up to date.
Dashboard & third-party lifecycle management
TerraTrue's dashboard serves as a unified view of third-party interactions and aggregating third parties and their attributes including category (SaaS/hardware), geography, and product type (SDK, API, HTTP). The dashboard also enables businesses to instantly see the current statuses of third parties including prospective, active, deprecated, and rejected. Within the platform, active third parties with a completed Data Spec and Privacy Worksheet automatically update a data map.
TerraTrue empowers teams to build privacy and security into everything they do through a collaborative, intuitive, and scalable platform. Purpose-built to work with modern product development, TerraTrue seamlessly captures structured data about how teams plan to collect, use, store, and share data. The platform then maps that digital blueprint to the world's privacy laws to automate guidance, risk-flagging, and downstream data maps and reports. Sitting as a hub between product teams and review teams, TerraTrue also smartly routes rule-based workflows throughout an organization, automatically detects and reports infrastructure changes in cloud environments, and drives vendor management — all from the same single source of truth. Using TerraTrue, businesses run a scalable, fast pre-deployment privacy program that eliminates spreadsheets, manual ad-hoc processes, and compliance bottlenecks. TerraTrue was founded in 2018 by former Snap execs and is backed by, among others, 3L Capital, Anthos Capital, and Chris Sacca. Modern brands like Lyft, Robinhood, Roku, and Foursquare are shifting left to get privacy right with TerraTrue.
# # #
— WebWireID293144 —