The questionnaire-based TPRM model is broken, and TrustCloud has a fix

TrustCloud announced a new version of TrustLens, its third-party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk mitigation.


In the latest TrustLens deployments, a Global 2000 life sciences customer leveraged the TPRM AI agent within TrustLens to assist their human agents. As a result, they were able to assess more than 5000 suppliers in six months (a 10x improvement).

The TrustLens agent enabled deterministic risk assessments using a combination of AI models and rules, expanded assessed vendor coverage from 20% to 92% of the customer's ecosystem, and identified 4x more critical gaps in its vendors than the prior process, resulting in proactive remediation by its suppliers.

“Our industry has normalized a version of third party risk management that is process-driven rather than outcome-driven, where teams are rewarded for following a rigid process to complete assessments instead of reducing risk and leveraging agentic AI to automate process and improve accuracy,” said Jikku Venkat, Head of Product, Customer Assurance and Third-Party Risk, TrustCloud. “We have introduced an AI agent in TrustLens that automates greater than 70% of the assessment work while still giving the risk analyst control over final decisions and approvals. This replaces point-in-time attestations with continuous proof that stands up to scrutiny at any moment.”

With TrustLens’ new agentic AI capabilities, customers now have:

  • The ability to automatically scope every assessment based on its inherent risk tier; the agent makes it possible to move from one-size-fits-all questionnaires to right-sizing every single assessment
  • Real-time knowledge of a vendor’s profile, risks and gaps, and analysis of evidence and data to reduce the endless back-and-forth and the time wasted manually waiting for and analyzing responses
  • Intelligent risk summaries that cite documentation and inside-out and outside-in data to accurately complete assessments in a deterministic and auditable fashion
  • Insights and Q&A to understand the business impact of risk factors, allowing anyone to ask questions about a vendor’s risk posture and gaps
  • Up-to-date security posture data to enable proactive monitoring of security drift and continuously track new risks from a previously completed vendor assessment

“The future of risk assessment and reporting will require us to understand, report, and reduce risk with transparency, automation, and a data-driven approach that operates 24×7 across our entire vendor landscape,” said Dan Walsh, CISO, Datavant.
