TPRA and Industry Leaders Unite to Launch the Standard Trust Portal Guidance
TPRA and Industry Leaders Unite to Launch the Standard Trust Portal Guidance
Monday, May 4, 2026
A collaborative framework to streamline due diligence, enhance transparency, and enable AI-driven risk management.
ANKENY, IOWA — 4 MAY 2026 — The Third Party Risk Association (TPRA), in partnership with ten leading third party risk management service providers, today announced the release of the Standard Trust Portal Guidance for Third Party Risk Management (TPRM).
Designed to unify how organizations demonstrate security, compliance, privacy, and governance maturity, the guidance provides a standardized framework for building and managing trust portals, which are centralized hubs for evidence sharing and transparency between organizations and their third parties.
“This guidance represents the collective voice of the TPRM community,” Julie Gaiaschi, CEO and Co-Founder of TPRA, said. “By coming together across the ecosystem, we’re simplifying due diligence and enabling a future where transparency replaces endless questionnaires.”
The guidance aims to empower practitioners, vendors, regulators, and platform providers to align around a single, trusted model that reflects industry expectations and best practices for transparency, efficiency, and responsible evidence sharing. It also supports AI-driven TPRM technologies by standardizing evidence formats for automated review and analysis.
The following organizations contributed perspectives and subject matter expertise to help shape this guidance (listed in alphabetical order):
Aravo
Bitsight
Certa
Drata
ProcessUnity
RiskRecon, a Mastercard Company
SecurityScorecard
Vanta
Their collective insights reflect practical experience across third-party risk management, compliance automation, trust assurance, and practitioner due diligence.
The document, created jointly by TPRA and the above-named service providers, is now available for free download at https://www.tprassociation.org/trust-portal. It is also currently open for comment. You can provide your comments using the submission form. The comment period is open from May 4 to July 3, 2026. After the comment period has closed and comments are reviewed and incorporated into the standard, a finalized version will be released shortly after.
###
The Third Party Risk Association (TPRA) is a non-profit organization dedicated to advancing the profession of third party risk management (TPRM) through collaboration, education, and community engagement. TPRA supports practitioners and organizations around the world with resources, training, and networking opportunities that strengthen risk management programs and professional development.
