Skip to Main Content

Third Party Risk Management (TPRM)

As part of UCLA’s ongoing effort to effectively manage third-party risks and ensure compliance with regulatory requirements, it is essential that we understand and manage the risks that third-party relationships may pose to the University. UCLA’s Departments/Units broadly engage with third parties to achieve various educational goals. In most cases, these third-party services/products present risks that may adversely impact UCLA.


This service is provided at no cost to campus.


  • The UCLA Third-Party Risk Assessment (TPRM) is used to evaluate third-party information security program and practices as well as to determine if any risks exist and if any compensating controls may be required.
  • The assessment  identifies gaps in a third party’s ability to comply with the University’s security requirements during the pre-contract phase.
  • Risk domains include application/service security, business continuity, security policies and procedures, etc.

Key Features

  • Uses a risk-based approach to apply more scrutiny on high risk third parties
  • Enables understanding of residual risk posed by third-parties
  • Provides enhanced risk coverage across a broader set of risk domains, including cloud security, compliance, human resources (HR) security, etc. 
  • Assists with compliance efforts in alignment with University policy and applicable laws


All Campus Units are provided this service.



Getting Started

Contact to learn more.