Papers and Studies

Stay on top of the latest in Third-Party Risk Management (TPRM) with Shared Assessments’ papers and studies. Learn industry trends and take away best practices to improve your approach. Read on and rock on, risk management!

The Brave Future Of Risk Management: Shared Assessments And SEI Investments

This member spotlight highlights Becky Brown, Program Manager for Third Party Risk Management for SEI Investments Company, and how Shared Assessments’ education, third-party risk summit, and products have helped shape her career and TPRM program. Brown is a breath of fresh air upholding the greater power of risk management we believe in here at Shared […]

Members Are The Mission: Navy Federal Credit Union and Shared Assessments Align On Core Values

This Member Success Story highlights how Navy Federal Credit Union and Shared Assessments align on core values. Navy Federal Credit Union has grown to be the world’s largest credit union while never losing dedication to service. Shared Assessments is steadfast in providing the Navy Federal TPRM team with the resources, education, and events needed to […]

Multi-Dimensional Risk Management: RedSpy Takes PenTesting From Cool To Super Cool With The SIG

RedSpy365 is a penetration testing and threat modeling platform that combines hundreds of security tools including the 2024 Shared Assessments Standardized Information Gathering Questionnaire (SIG) to measure and manage risk. This paper describes how RedSpy365, and founder Darren Manners, utilize the SIG to better understand control objects and allow users to quickly ascertain management responses […]

Executive Summary: Third Party Onsite Assessment Best Practices: Practitioner Guide

This is the executive summary for the paper: Third Party Onsite Assessment Best Practices: Practitioner Guide. Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing […]

Third Party Onsite Assessment Best Practices: Practitioner Guide

Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing assessments in a consistent, documented, logical, and transparent manner to carry out an efficient onsite engagement. […]

Executive Summary: Shared Assessments Benchmark Survey Report: A New Baseline

This Executive Summary presents an overview of the Benchmark Survey Report: A New Baseline. (The full study is available with purchase of the Vendor Risk Management Maturity Model – VRMMM.) This study represents the sixth time Shared Assessments has partnered with The Ponemon Institute on research initiatives. The study strives to improve understanding of relative maturity levels […]

Framework for Managing Third Party Reputation Risk: Identifying, Assessing, Reporting, Mitigating, and Monitoring

Reputation is the currency by which organizations work and survive. Organizations that build and maintain positive reputations gain competitive advantage and credibility. Our newest briefing paper offers practical guidance for managing reputation risk by providing a TPRM Reputation Risk Framework which includes practices for Governance, Due Diligence, and Incident Management and Reporting. The principles offered […]

Partnering With Procurement – Part 2: Supplier/Vendor Contracts

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 2: Supplier/Vendor Contracts describes contracts as being fundamental in identifying, selecting, mitigating, and minimizing exposures and risks when outsourcing. Knowing the associated risks a vendor poses to the organization – and putting controls in […]

Partnering With Procurement – Part 1: Supplier/Vendor Lifecycle

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 1: Supplier/Vendor Lifecycle explores the benefits of business units sharing responsibility for vetting, onboarding, monitoring, renewing, and terminating vendors, detailing activities for Procurement and Risk Management within each lifecycle phase.

Iron Mountain Achieves Peak SIG Adoption

Iron Mountain is a recognized leader for storage and information management services around the world. This paper describes Iron Mountain’s journey to achieving peak Standardized Information Gathering (SIG) Questionnaire adoption. While utilizing the SIG, Iron Mountain experienced significant reductions in the time, effort and money associated with manually responding to unique TPRM questionnaires and/or requests […]

Third Party Focused Ransomware Strategy: An Enterprise-Wide Collaborative Strategy Guide for TPRM Professionals

This paper provides process and program guidance on meaningful, incremental improvements for organizations of all sizes, whether operating locally or globally. The content is designed for both beginning and seasoned security and TPRM practitioners, with an introduction to help inform C-Suite and Board discussions to determine what is at risk; how to manage those risks; […]

Which SIG Should I Use?

When scoping your Vendor Risk Questionnaires, which SIG should you use? The SIG offers three tiering structures – the SIG LITE, the SIG CORE, and the SIG Detail Questionnaire. This paper defines each of the tiers and their use cases.
