https://community.isc2.org/t5/Welcome/Is-third-party-risk-still-stuck-in-spreadsheets/m-p/89451#M3204 <P>Hi everyone,</P><P>I’ve been seeing that a common theme keeps coming up:</P><P>Third-party risk assessments are still largely handled through spreadsheets, email back-and-forth, and manual tracking—especially when it comes to remediation and continuous monitoring.</P><P>&nbsp;</P><P>Given the increasing expectations from regulations like DORA and the EU AI Act, this feels like a growing bottleneck.</P><P>Would love to hear your experience:</P><UL><LI>Is this still the reality in your organization?</LI><LI>Have you found better ways to manage it?</LI><LI>What’s the hardest part to operationalize?</LI></UL><P>Looking to understand how widespread this is.</P> Wed, 29 Apr 2026 07:34:22 GMT AnilEmanueall 2026-04-29T07:34:22Z https://community.isc2.org/t5/Welcome/Is-third-party-risk-still-stuck-in-spreadsheets/m-p/89451#M3204 <P>Hi everyone,</P><P>I’ve been seeing that a common theme keeps coming up:</P><P>Third-party risk assessments are still largely handled through spreadsheets, email back-and-forth, and manual tracking—especially when it comes to remediation and continuous monitoring.</P><P>&nbsp;</P><P>Given the increasing expectations from regulations like DORA and the EU AI Act, this feels like a growing bottleneck.</P><P>Would love to hear your experience:</P><UL><LI>Is this still the reality in your organization?</LI><LI>Have you found better ways to manage it?</LI><LI>What’s the hardest part to operationalize?</LI></UL><P>Looking to understand how widespread this is.</P> Wed, 29 Apr 2026 07:34:22 GMT https://community.isc2.org/t5/Welcome/Is-third-party-risk-still-stuck-in-spreadsheets/m-p/89451#M3204 AnilEmanueall 2026-04-29T07:34:22Z