Announcements
This ISC2 Community will be decommissioned as of May 29, 2026. Please join your peers and connect with your chapter at https://isc2chapters.isc2.org.
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AnilEmanueall
Viewer
Wednesday
Wednesday

Is third-party risk still stuck in spreadsheets?

Hi everyone,

I’ve been seeing that a common theme keeps coming up:

Third-party risk assessments are still largely handled through spreadsheets, email back-and-forth, and manual tracking—especially when it comes to remediation and continuous monitoring.

 

Given the increasing expectations from regulations like DORA and the EU AI Act, this feels like a growing bottleneck.

Would love to hear your experience:

  • Is this still the reality in your organization?
  • Have you found better ways to manage it?
  • What’s the hardest part to operationalize?

Looking to understand how widespread this is.

Reply
0 Kudos
0 Replies