Third-party risk management is a multi-billion dollar industry based on arduous questionnaires, human-intensive reviews, and point-in-time risk assessments. But at least it is effective, right? Right? This is not what we found in Kenvue. There is another way. We implemented an automated, model-based TPRM system for cyber risks which continuously monitors 100% of our supplier base, reduces time and cost of assessing by 5-10x, and relies on internal and external data readily available to virtually any company. Kenvue now focuses more on treating third-party cyber risk. Come hear our lessons learned and recommendations for anyone looking to embark on a similar journey.
