Papers and Studies

Reputation is the currency by which organizations work and survive. Organizations that build and maintain positive reputations gain competitive advantage and credibility. Our newest briefing paper offers practical guidance for managing reputation risk by providing a TRPM Reputation Risk Framework which includes practices for Governance, Due Diligence, and Incident Management and Reporting. The principles offered […]

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 2: Supplier/Vendor Contracts describes contracts as being fundamental in identifying, selecting, mitigating, and minimizing exposures and risks when outsourcing. Knowing the associated risks a vendor poses to the organization – and putting controls in […]

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 1: Supplier/Vendor Lifecycle explores the benefits of business units sharing responsibility for vetting, onboarding, monitoring, renewing, and terminating vendors, detailing activities for Procurement and Risk Management within each lifecycle phase.

Iron Mountain is a recognized leader for storage and information management services around the world. This paper describes Iron Mountain’s journey to achieving peak Standardized Information Gathering (SIG) Questionnaire adoption. While utilizing the SIG, Iron Mountain experienced significant reductions in the time, effort and money associated with manually responding to unique TPRM questionnaires and/or requests […]

This paper provides process and program guidance on meaningful, incremental improvements for organizations of all sizes, whether operating locally or globally. The content is designed for both beginning and seasoned security and TPRM practitioners, with an introduction to help inform C-Suite and Board discussions to determine what is at risk; how to manage those risks; […]

In our 2023 Third-Party Risk management Product Suite, we have 131 questions that cover Environmental, Social, Governance (ESG) within the Standardized Information Gathering (SIG) Questionnaire. ESG is now its own risk domain which allows users to scope an ESG-specific SIG. You will be able to complete a SIG for your organization and you can use […]