This paper examines the common risks presented by third party suppliers, the options available to organizations to streamline assessment programs, particularly how to approach both cybersecurity supply chain security risk management within a GRC framework.