Questionnaire-based, point-in-time third-party risk management (TPRM) is increasingly seen as inadequate by CISOs, analysts, and journalists. A vendor can be fully compliant on paper while still introducing real risk, and annual assessments describe a moment that has already passed. The argument is that risk is continuous, so assurance must be continuous too — drawing on live evidence, outside-in signals, and ongoing monitoring for vendor drift after assessments close. TrustCloud's TrustLens platform is presented as an example of this shift, using agentic AI to automate over 70% of assessment work while keeping final decisions with human analysts. One customer reportedly assessed 5,000+ suppliers in six months — a 10x improvement — surfacing 4x more critical gaps than before.
Nguồn: https://securityboulevard.com/2026/07/why-third-party-risk-management-is-broken-according-to-cisos-and-analysts. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.