Papers and Studies

Stay on top of the latest in Third-Party Risk Management (TPRM) with Shared Assessments’ papers and studies. Learn industry trends and take away best practices to improve your approach. Read on and rock on, risk management!

CCPA Privacy Guidelines and Checklists

This set of California Online Consumer Privacy Act (“CCPA”) resources are provided to share insights and best practices on how to understand aspects of CCPA and the implications that this regulation has on Third Party risk management. These resources work in conjunction with the Shared Assessments Third Party Privacy Tools, a component in the Third […]

Register to Download

Building TPRM Resources in Light of Increasing Risks & Regulatory Change: Tools to Align with Business Goals

Third party risk managers are struggling to convey the need for the additional resources to develop and sustain a robust TPRM program. Shared Assessments members came together to create a coherent picture of the emerging challenges and provide actionable tools that practitioners can use to document their business case for optimizing TPRM resource allocation within […]

Register to Download

Creating a Unified Continuous Monitoring Taxonomy: Gaining Ground by Saying What’s What

This “Gaining Ground” briefing paper is phase one of the two-phase cooperative project led by the Shared Assessments’ Continuous Monitoring working group. This group has galvanized practitioners from 57 member organizations, as well as non-member CM solution providers in the Taxonomy Subgroup, to establish a common set of terms and standards for identifying, alerting and […]

Register to Download

The Board’s Role in Realizing Effective Risk Management

In practice, governing boards are the last line of defense in ensuring critical risk management processes are effective. However, recent high profile incidents highlight the need for a greater role for boards in mitigating risks. These events serve as a stark example of why boards must become proactive in their risk management oversight role.

Register to Download

Law Firm Briefing Paper by Shared Assessments

The Shared Assessments Program is pleased to present a briefing paper based on the significance of information security and privacy controls on law firms as third party service providers and collaborative opportunities for resolution. This paper focuses on the issues law firms are facing as they adapt to providing a secure IT environment that meets […]

Register to Download

Third Party IoT Risk: Companies Don’t Know What They Don’t Know

This third annual study on third party IoT risk, conducted by the Ponemon Institute, helps the industry better understand how organizations are managing the risks created by known and unknown IoT devices.  Cyberattacks, data breaches and overall business disruption that can be caused by unsecured IoT devices in the workplace and used by third parties […]

Register to Download

2019 Vendor Risk Management Benchmark Study: Running Hard to Stay in Place

Increasing pressures in the risk and regulatory environments continue to pose severe challenges to vendor risk management (VRM) programs, often offsetting incremental program improvements over the past 12 months. The results of this fifth annual study from Shared Assessments indicate that: There is a strong correlation between high levels of board engagement with VRM issues […]

Register to Download

Innovations in Third Party Continuous Monitoring

This paper documents how to apply an emerging best practice to improve third party risk management program governance. Embedding the continuous feedback “OODA Loop” – observe-orient-decide-act – into third party risk management programs can be expected to improve an organization’s risk posture by providing a proactive approach to risk management. This paper provides guidance that […]

Register to Download

Innovations in Third Party Continuous Monitoring: With a Name Like OODA, How Hard Can It Be?

The dynamic nature of the risk environment means that third party risk professionals are being asked to protectagainst growing threats with a finite number of resources. In response to the need to be smarter about how weapproach third party risk management (TPRM), this paper provides guidance, practical tools and insight intohow to leverage an action-oriented […]

Register to Download

Consumer Packaged Goods Industry Call To Action

Benchmarking shows that against industries as a whole CPG has been slower in making program maturity gains in TPRM processes. The Shared Assessments Consumer Packaged Goods Vertical Strategy Group (CPG-VSG) has examined the gap between third party risk management (TPRM) practices and the current threat environment. The group has championed this Call to Action in […]

Principles of Third Party Contract Development, Adherence & Management

This paper documents best practices for streamlining third party contract development, approval, exceptions and addendums processes. Organizations increasingly rely on contract clauses and policies to mitigate third party risk. However, fewer than half in a recent study reported they are able to monitor compliance with contract provisions. This paper examines the need for actionable contracts and […]

Register to Download

Executive Summary: Principles of Third Party Contract Development, Adherence & Management

This Executive Summary provides and overview of third party contract best practices for setting realistic expectations for both parties regarding due diligence, contract negotiations, onboarding, oversight (including control assessments), reporting requirements and terminations. The Summary contains the key components for optimizing contract processes across the vendor lifecycle. This is the companion to the more in-depth […]

Register to Download
1 3 4 5 6 7