Third-party Risk Management: SOC 2s, Security Questionnaires, and Beyond

Eleanor Mount

BSidesSF 2025 — Here Be Dragons · Day 2 · Main

Eleanor Mount, a GRC professional and security risk and compliance manager at Ansa, delivered a frank dissection of why third-party risk management (TPRM) programs consistently fail to deliver on their promise, and offered five concrete ways practitioners can take ownership rather than just checking boxes. The through-line: most TPRM pain is self-inflicted, and the fixes are available today.

AI review

A competent GRC professional venting — accurately — about TPRM dysfunction. The SOC 2 audit commoditization point is the one substantive observation. Everything else is process hygiene that should be in an onboarding doc, not a conference talk.
