Third-Party Risk Management

Managing Third-Party and Supply Chain Relationships

Vendor relationships—even trusted ones—create significant operational and data risks for an organization.

Attackers can use vendors as a stepping stone into a company’s network. Gartner found that 60 percent of companies work with more than 1,000 third parties in the course of business, and each additional vendor widens the attack surface. Cyberattacks disrupt the corporate supply chain and inhibit operations, and data breaches originating from a third party cost an average of $200,000, according to a recent IBM study [1].

Companies need clear and comprehensive visibility into their vendors. MorganFranklin helps businesses develop third-party risk management (TPRM) programs that are scalable and aligned to business and regulatory needs, while leveraging automation to enable rapid risk mitigation and data collection.

Tailored compliance

We look beyond checkbox compliance as we develop third-party risk management programs that are customized for each company and offer tangible benefits.

Faster time to value

Our extensive knowledge of TPRM market tools and current vulnerabilities allows us to address serious concerns from the start.

Integration at the forefront

We build programs that integrate with and complement existing procurement, business, IT, risk management, audit and legal processes.

Supporting TPRM Readiness and Resiliency

MorganFranklin’s third-party risk management framework is designed to help companies enhance the visibility of their extended enterprise to manage third-party risk more effectively. Our TPRM services span the entire vendor lifecycle: vendor selection, onboarding, monitoring, and offboarding.

  1. Planning and Risk Tiering. Develop a strategic plan for supply chain risk management, including budgeting and defining risk tiers.
  2. Due Diligence and Selection. Use program metrics to identify low-risk third-party vendors when procuring services, products, or partnerships.
  3. Onboarding. Negotiate contracts, review and approve risk ratings, and onboard new vendors.
  4. Continuous Monitoring. Monitor security controls, identify and remediate issues, and track vendor risk profiles on a continuous basis.
  5. Offboarding. Terminate third-party digital identities, reclaim corporate property, destroy unnecessary data and cease payments.

Third-Party and Supply Chain Risk Management Services

MorganFranklin advisors support all aspects of an organization’s TPRM efforts by applying industry best practices and delivering services tailored to each company. Our services include:

    • Strategy Development. Develop a TPRM strategy that is aligned to existing processes and business needs and provides long-term scalability and manageability.
    • TPRM Roadmap Creation. Assess an organization’s current TPRM maturity level and target maturity level and create a roadmap for implementing the TPRM strategy that delivers quick wins and a faster time to value.
    • Compliance Management Support. Identify key regulations and compliance standards that apply to an organization’s environment and incorporate requirements into the TPRM roadmap.
    • Tool Selection, Configuration, and Deployment. Help identify the tools best suited to an organization’s needs and environment and provide support throughout the deployment process.
    • Vendor Risk Management Audits. Implement vendor risk assessments that promote partnership and shared security rather than burdening third-party partners and vendors.
    • Metrics Development and Reporting. Identify key program metrics and develop tracking and reporting capabilities to ensure the TPRM provides tangible benefits and avoids checkbox compliance.
    • Managed Services Support. Maintain the TPRM program through continuous risk monitoring, regular vendor assessments, targeted assessment campaigns, and ongoing evaluation of the dynamic threat environment.

Roadmap: Define where your security programs need to go

A 3-year security roadmap considers where an organization needs to go in terms of implementing security programs, while remaining closely aligned with business objectives. The roadmap includes an organization’s existing security programs and where those programs need to advance, but it also has the foresight and agility to accommodate tools and technologies that may not yet have been discovered or invented.

MorganFranklin takes into consideration the needs of the business, its objectives, and its risk strategy when developing the security roadmap that will drive an organization’s security program and initiatives into the future. A security roadmap done right can reduce risk exposure, define clear actions when a compromise is detected, and eliminate confusion and potential panic if an attack occurs, all while keeping the business’s goals the primary focus of its efforts.

[1] IBM Security. (2020). Cost of a Data Breach Report.

The MorganFranklin Way™

MorganFranklin’s approach to cybersecurity strategy and GRC solutions allows our consultants to better protect your organization’s brand against threats of all kinds. We’ll tackle the broader issues associated with corporate governance, enterprise risk management, and corporate compliance with a simple, structured approach.

By aligning with your business objectives, you’ll reap benefits such as:

      • Improved decision-making
      • Optimal IT investments
      • Reduced fragmentation with the elimination of silos

You may have a thorough understanding of the need for a GRC strategy, but you may not have the team or resources to implement it internally. MorganFranklin can connect you with one of our GRC experts to create a business-aligned strategy that improves your GRC and overarching cybersecurity decision-making abilities. Across security strategy, planning, budgeting and delivery, our consultants have a strong background in IT leadership and organization design. Whether you need part-time, interim or fully outsourced help, MorganFranklin is your trusted source to define and implement an effective GRC strategy.