Papers and Studies

Data Privacy Scoping Template Given the pace and complexity of data protection regulations, Shared Assessments provides a free, scoped Privacy Standardized Information Gathering (SIG) Questionnaire mapped to privacy frameworks. This template helps organizations complete third party data privacy reviews, and is a step towards navigating and addressing data governance in third party relationships. What is a […]

Scoping Template Shared Assessments has released a free Standardized Assessment Tool for the Log4j risk. With this scoping template, you will be able to conduct your own vulnerability assessment and share the form with your vendors for a holistic view of Log4j risk across your supply chain. Register to download in the form on the […]

This briefing paper provides insight into gaining greater supply chain sovereignty by identifying critical dependencies across both inbound and outbound supply chains. Adopting this proactive stance provides many opportunities for organizations, including being ready to respond to the regulatory changes reverberating across industries. The related blog “Nth Party Suppliers – Gaining a Toehold on Down […]

This paper provides a quick overview and concrete action steps that will help organizations achieve superior outcomes over time. Traditional approaches that rely solely on point-in-time assessments can no longer keep up with rapidly changing or emerging risks. Determine how to make your program work comprehensively and with dexterity within the organization’s mission, goals and […]

This briefing paper provides a foundation for a more robust TPRM style – one that applies complex adaptive systems to the field of risk management to help practitioners understand step-function, cascading improvements in risk management processes they can apply to their own programs. The related complex chain human resources blog “The Upstream Impact of Downstream […]

This Building Best Practices resource: Examines how to improve due diligence assessment productivity. Identifies a strong strategy that leverages control verification reports. Documents a means of examining existing artifacts to more efficiently scope any remaining due diligence. A practitioner tool is provided to house a consolidated record of the reports, facilitate gap analysis, document closing […]

The Role of ERM in Managing Risks Related to New Technologies and its companion Executive Summary document examine the challenges that come with significant technology shifts, such as IoT, AI, 5G and quantum encryption and computing; and the valuable role that the board and C-suite can play in helping organizations to recognize and respond to […]

This Executive Summary provides an overview of the challenges related to emerging technologies and key steps identified to help establish effective risk monitoring programs that are responsive to potential risks related to new technologies. This is the companion to the more in-depth briefing paper.

A New Roadmap for Third-Party IoT Risk Management is the Shared Assessments’ fourth annual collaborative study with The Ponemon Institute. This year’s report underscores the acute need for IoT risk management improvement. New insights in this year’s study crystallize a set of leading practices for reducing IoT-related risks. Areas ripe for action include governance, risk […]

This set of General Data Protection Regulation (GDPR) resources have been updated to provide insights to the Third Party risk community and include background on the regulation and guidance on how to integrate GDPR requirements into TPRM programs. These resources work in conjunction with the Shared Assessments Third Party Privacy Tools, a component in the […]

Shared Assessments partnered with Prevalent to study current trends, challenges and initiatives impacting third-party risk practitioners. The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs. Respondents to the study were leaders and decision-makers in third-party risk. In today’s […]

TPRM practices are ideally suited to enhancing M&A outcomes. By applying TPRM best practices, a wider range of risks deeper in the supply chain can be examined than is typically achieved in M&A due diligence. The guide outlines specific best practices to help lower risks; discusses acquirer and target viewpoints; provides how-to guidance; and includes […]