IronRoot
IronRoot
Risk Consultants
Services
AI risk assessmentCyber risk & gap assessmentFFIEC/GLBA readinessCompliance readiness (SOC 2 / HIPAA / ISO)Third-party risk (TPRM)Internal security assessmentSecurity awareness & training
ProcessFAQ
Request a Consultation
Consult
Defensible and repeatable

Third-party risk (TPRM)

Vendor risk assessments built for lean teams: clear tiering, right-sized due diligence, and documentation that holds up.

Request a consultationBack to home

What we do

Simple structure, strong evidence.

Inventory & tiering
Get a complete vendor list and a tiering model that matches your risk and exam/audit expectations.
Due diligence packages
Right-sized due diligence (SOC, DPA, subprocessors, incident terms) based on vendor tier.
Exceptions and tracking
Document gaps and exceptions, track follow-ups, and keep a clean evidence trail.