diff --git a/content/outcomes/MISC/third-party-due-diligence.md b/content/outcomes/MISC/third-party-due-diligence.md new file mode 100644 index 00000000..aeeb05ff --- /dev/null +++ b/content/outcomes/MISC/third-party-due-diligence.md 
@@ -0,0 +1,27 @@ +//Outcomes from Third Party Due Diligence session +##Why +Every company has their own third party due diligence methods. Mostly a mix of questionnaires, open source investigations, sometimes onsite assessments. This is not efficient in today's world as poor vendors are forced to spend 100s of hours each year filling in questionniares with same or similar questions over and over again. +## What +I believe we should have a restricted opensource platform where the members would agree on a framework and scoring system for third party due diigence from cyber perspective. (later may be expanded in other compliance areas too) +This should perform the evaluation, follow-up assessments annually (or at major changes like M&As), tracking for resoltuions of the findings.. +Things to consider: +Are we assessing the corporate controls of the vendor or their solution's security, or both? +What framework or frameworks best suited for this? MITRE, NIST, ISO?? +Scores on maturity, flags on category of information classification that is recommended to be shared with the vendor (i.e. do not share non-public information with this vendor until they remediate findigns A, B, C) +Funding for the activites - should we form a consortium like what FS-ISAC does for threat intelligence? +If the third party is critical outsourcing partner, would the standard evaluation be sufficient, or should there be additional things to consider. +## Outcomes +So to wrap up from the session; we found at least three companies who already do the service but as a commercial offering. 
+These are; +OneTrust Vendorpedia - https://www.vendorpedia.org/ +RiskLedger - https://app.riskledger.com [requries login details which I don't have] +IHS Markit KY3P - https://ihsmarkit.com/products/ky3p.html + +Next steps: I am not sure how to move this forward +Ideally we would ; +either find a government body to sponsor this but this seems like killing businesses which provide third party risk solutions +Or, reach out to financial sector big players (big banks) to form a consortium like the one for threat intelligence (FS-ISAC) +Or, get one of the commercial ones to turn it into an open source model + +## Who +If you are interested in getting invovled in this activity, please message me (Didar Gelici) on Slack or any social media messaging.
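Review bot: the Markdown in this hunk will not render as intended: `//Outcomes from Third Party Due Diligence session` is not a heading syntax (it will show as literal text), and `##Why` lacks the space after `##` that CommonMark requires, so it renders as a plain paragraph while `## What`, `## Outcomes` and `## Who` render as headings; suggest `# Outcomes from Third Party Due Diligence session` and `## Why` for consistency. Also, the items under `Things to consider:` and the three vendors under `These are;` have no list markers, so adjacent lines will be folded into one paragraph; prefix each with `- `. The RiskLedger entry points at an app login URL with the inline note `[requries login details which I don't have]`, which reads as a personal aside rather than content and should be replaced with the product page or dropped. Finally, several typos should be fixed before merge: questionniares, diigence, resoltuions, findigns, activites, requries, invovled.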