2020 has brought unique risk challenges that have significantly shifted the focus of risk managers. New operational risks emerged with the pandemic, with major shifts to work from home security and service availability issues, vendor stability, and socioeconomic...
The Threat Horizon The December 29th joint analysis report (JAR) GRIZZLY STEPPE – Russian Malicious Cyber Activity, contains specific indicators of cyberattacks and steps organizations can take to mitigate the “the tools and infrastructure used by the Russian civilian...
Tools That Empower Vendor Management ConfidenceShared Assessments responds directly to the dynamic landscape of third party risk management with the annual update of its Program Tools. The Tools serve organizations, regardless of size and industry, helping them...
Editor Contacts: For Protiviti: Kathy Keller (650) 234-6252 kathy.keller@protiviti.com For Shared Assessments Program: Sarah Perry, The Santa Fe Group, 602-441-1769, sarah@santa-fe-group.com or Lisa MacKenzie, MacKenzie Marketing Group (503) 705-3508,...
Today’s companies are outsourcing more critical functions as part of their business operations in today’s complex environment. Every member of the supply chain must be evaluated to ensure they are properly protecting systems and data. With hackers specifically...
Start 2015 on the right foot including your third party risk management program. Here are some suggested “New Year’s Resolutions” to incorporate into your strategic and tactical plans for the coming year: Resolution #1: I will incorporate the new SIG 2015 into my...
The industry is in a state of high alert concerning third party risk in 2015. In fact, Booz Allen Hamilton moved third party risk to the top of the list of cyber security trends for financial services to “guard against” this coming year. WIRED.com also cited third...
It has been an exciting time to participate in the Shared Assessments Program. Looking back at 2014, it has been a good, active year, with the rollout of our Certified Third Party Risk Professional (CTPRP) certification, our kick-off of the annual Vendor Risk...
Ok, so you did everything right… you sent your vendor a Standard Information Gathering (SIG) scoped based on data and service type, you analyzed the responses, decided to perform an on-site assessment using the Agreed Upon Procedure (AUP), and helped identify security...