Shieldrisk AI

Cybersecurity & TPRM Glossary

Vendor Risk Management (VRM)

Vendor Risk Management (VRM) is the process of identifying, assessing, and monitoring the risks that third-party vendors and service providers introduce into an organization, so that external partners do not create unmanaged security, compliance, or operational risk. Enterprises use it to evaluate a vendor's security posture, compliance readiness, and ongoing risk exposure over the life of the relationship.

Third-Party Risk Management (TPRM)

Third-Party Risk Management (TPRM) is the practice of managing the risks that arise from outsourcing services or working with external vendors. It covers onboarding and due diligence, risk assessments, continuous monitoring, and mapping vendor controls to regulatory and contractual requirements. TPRM is critical for regulated industries such as BFSI (banking, financial services, and insurance), healthcare, and fintech.

SOC 2

SOC 2 is an attestation framework developed by the AICPA that evaluates how a service organization manages customer data against five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. Security is the only criterion that must be in scope for every report; the others are included as relevant to the service. A Type I report assesses control design at a point in time, while a Type II report assesses operating effectiveness over a period. SOC 2 is widely required of SaaS companies handling enterprise customer data.

ISO 27001

ISO/IEC 27001 is the international standard for information security management systems (ISMS). It specifies requirements for establishing, operating, and continually improving an ISMS, using a risk-based approach to protect sensitive company and customer information. Organizations use it to implement a structured set of security controls and compliance processes, and can obtain certification through an accredited auditor.

DPDP Act (Digital Personal Data Protection Act)

The DPDP Act (Digital Personal Data Protection Act, 2023) is India's data protection law, governing how organizations (data fiduciaries) collect, process, and store digital personal data. It imposes consent, purpose-limitation, accountability, and data security obligations, including notifying the Data Protection Board and affected individuals of personal data breaches. It applies to any company processing personal data in India, and in certain cases to processing outside India connected with offering goods or services to individuals in India.

CERT-In

CERT-In (Indian Computer Emergency Response Team) is India's national nodal agency, under the Ministry of Electronics and Information Technology (MeitY), for responding to cyber incidents and issuing security advisories and guidelines. Its directions of April 2022 require, among other obligations, that specified categories of cyber incident be reported to CERT-In within six hours of being noticed, which makes it central to incident-reporting compliance for Indian enterprises.