Increasing globalization, a heavy reliance on outsourcing, growth of cloud computing and the transition to digitization and remote work since the COVID-19 crisis have each heightened the regulatory focus on third-party risk management (TPRM). In this guest article, Norton Rose Fulbright partner Daniel Pepper examines how a strong TPRM program, with vendor due diligence, helps organizations identify, remediate and manage cybersecurity and data privacy risks associated with outsourcing services, functions and processes to third parties. See “Drafting Data and Cybersecurity Provisions in Third-Party Vendor Agreements” (Mar. 30, 2022).