Third-Party Risk Management (TPRM)
As part of UCLA’s ongoing effort to effectively manage third-party risks and ensure compliance with regulatory requirements, it is essential that we understand and manage the risks that third-party relationships may pose to the University. UCLA’s Departments/Units broadly engage with third parties to achieve various educational goals. In most cases, these third-party services/products present risks that may adversely impact UCLA.
This service is provided at no cost to campus.
- The UCLA Third-Party Risk Assessment (TPRM) is used to evaluate a third party's information security program and practices, to determine whether any risks exist, and to determine whether any compensating controls may be required.
- The assessment identifies gaps in a third party’s ability to comply with the University’s security requirements during the pre-contract phase.
- Risk domains include application/service security, business continuity, security policies and procedures, etc.
- Uses a risk-based approach to apply more scrutiny to high-risk third parties.
- Enables understanding of the residual risk posed by third parties.
- Provides enhanced risk coverage across a broader set of risk domains, including cloud security, compliance, human resources (HR) security, etc.
- Assists with compliance efforts in alignment with University policy and applicable laws.
All Campus Units are provided this service.
Contact [email protected] to learn more.