Papers and Studies

Many organizations struggle to identify the scope of their third-party and Nth-party engagements, as well as the associated risks from these extended networks. By implementing continuous monitoring, businesses can uncover hidden Nth-party providers that are otherwise undetectable. This paper explores the essential steps to establish a robust TPRM continuous monitoring program, detailing what to monitor […]

This member spotlight highlights how New York Life Insurance “Keeps Their House In Order” by utilizing Shared Assessments education, products, thought leadership, and networking opportunities. By effectively managing third-party risks and building a resilient TPRM program with the support and structure of a Shared Assessments membership, New York Life Insurance continues to safeguard against potential […]

The purpose of this paper is to highlight best practices in governance of Third Party Risk Management (TPRM). Governance in this context refers to a formalized program framework that supports an organization’s strategic business objectives. Strong program governance helps foster efficient use of resources, greater transparency, and an environment of trust. This briefing focuses on […]

The Standardized Information Gathering (SIG) Questionnaire acts as a bridge between vendors and outsourcers, offering value to both parties in managing third-party risk. Outsourcers use the SIG to assess their existing and prospective service providers, while vendors use the SIG to respond to these same customers. In this way, the SIG Questionnaire creates a common […]

This member spotlight highlights Becky Brown, Program Manager for Third Party Risk Management for SEI Investments Company, and how Shared Assessments’ education, third-party risk summit, and products have helped shape her career and TPRM program. Brown is a breath of fresh air upholding the greater power of risk management we believe in here at Shared […]

This Member Success Story highlights how Navy Federal Credit Union and Shared Assessments align on core values. Navy Federal Credit Union has grown to be the world’s largest credit union while never losing dedication to service. Shared Assessments is steadfast in providing the Navy Federal TPRM team with the resources, education, and events needed to […]

RedSpy365 is a penetration testing and threat modeling platform that combines hundreds of security tools including the 2024 Shared Assessments Standardized Information Gathering Questionnaire (SIG) to measure and manage risk. This paper describes how RedSpy365, and founder Darren Manners, utilize the SIG to better understand control objects and allow users to quickly ascertain management responses […]

This is the executive summary for the paper: Third Party Onsite Assessment Best Practices: Practitioner Guide. Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing […]

Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing assessments in a consistent, documented, logical, and transparent manner to carry out an efficient onsite engagement. […]

This Executive Summary presents an overview of the Benchmark Survey Report: A New Baseline. (The full study is available with purchase of the Vendor Risk Management Maturity Model – VRMMM.) This study represents the sixth time Shared Assessments has partnered with The Ponemon Institute on research initiatives. The study strives to improve understanding of relative maturity levels […]

Reputation is the currency by which organizations work and survive. Organizations that build and maintain positive reputations gain competitive advantage and credibility. Our newest briefing paper offers practical guidance for managing reputation risk by providing a TRPM Reputation Risk Framework which includes practices for Governance, Due Diligence, and Incident Management and Reporting. The principles offered […]

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 2: Supplier/Vendor Contracts describes contracts as being fundamental in identifying, selecting, mitigating, and minimizing exposures and risks when outsourcing. Knowing the associated risks a vendor poses to the organization – and putting controls in […]