Papers and Studies

Stay on top of the latest in Third-Party Risk Management (TPRM) with Shared Assessments’ papers and studies. Learn industry trends and take away best practices to improve your approach. Read on and rock on, risk management!

Spring4Shell Vulnerability: Securing Your Software Supply Chain

Securing Your Software Supply Chain Shared Assessments recommends a specific due diligence process for understanding third-party patch management capabilities using our industry-leading Standardized Information Gathering (SIG) Vendor Risk Questionnaire. In the case of #Spring4Shell (or alternatively #SpringShell), we recommend you review your previous risk assessments first, instead of initiating new Questionnaire requests in your vendor […]

Register to Download

Guide: Geopolitical Risk – Spotlight on the Russia/Ukraine Conflict

Geopolitical risk stems from war, terrorism, and even ongoing tensions between states that derail normal and peaceful international relations. Geopolitical risk has an adverse impact on the delicate balance of the world’s economy, security, and political relations. What does geopolitical risk mean for your organization and third party risk management (TPRM)? Risks emerging from recent Russian aggression against Ukraine have potential consequences […]

Register to Download

Guide To Risk Domains For Vendor Risk Management

Guide To Risk Domains This guide introduces and defines nineteen of the most critical and current risk domains within four key areas. The guide describes why organizations need to acknowledge each risk domain and offers concrete suggestions of how organizations can account for risks presented by each domain. What Are Risk Domains? Risk domains are […]

Register to Download

A Unified Third Party Continuous Monitoring Cybersecurity Taxonomy

This paper provides a unified continuous monitoring cybersecurity taxonomy. A living document designed to evolve with the cybersecurity landscape, the taxonomy advances communication about evaluating and monitoring the impact of cyber threats. Cybersecurity monitoring solution providers, outsourcers, and third party service providers collaborated in Shared Assessments’ Continuous Monitoring Working Group to develop this first version […]

Register to Download

Privacy Resources For Vendor Risk Management

Data Privacy Scoping Template Given the pace and complexity of data protection regulations, Shared Assessments provides a free, scoped Privacy Standardized Information Gathering (SIG) Questionnaire mapped to privacy frameworks. This template helps organizations complete third party data privacy reviews, and is a step towards navigating and addressing data governance in third party relationships. What is […]

Register to Download

Log4j Vulnerability Resources For Vendor Risk Management

Scoping Template Shared Assessments has released a free Standardized Assessment Tool for the Log4j risk. With this scoping template, you will be able to conduct your own vulnerability assessment and share the form with your vendors for a holistic view of Log4j risk across your supply chain. Register to download in the form on the […]

Register to Download

Complex Supply Chains – Gaining Visibility into Nth Party Governance

This briefing paper provides insight into gaining greater supply chain sovereignty by identifying critical dependencies across both inbound and outbound supply chains. Adopting this proactive stance provides many opportunities for organizations, including being ready to respond to the regulatory changes reverberating across industries. The related blog “Nth Party Suppliers – Gaining a Toehold on Down […]

Register to Download

C-Suite Call to Action – Risk Management Through A Different Lens

This paper provides a quick overview and concrete action steps that will help organizations achieve superior outcomes over time. Traditional approaches that rely solely on point-in-time assessments can no longer keep up with rapidly changing or emerging risks. Determine how to make your program work comprehensively and with dexterity within the organization’s mission, goals and […]

Register to Download

Adaptive Risk Management for Complex Supply Chains

This briefing paper provides a foundation for a more robust TPRM style – one that applies complex adaptive systems to the field of risk management to help practitioners understand step-function, cascading improvements in risk management processes they can apply to their own programs. The related complex chain human resources blog “The Upstream Impact of Downstream […]

Register to Download

Using the SCA in Complement with Other Assessments: Streamlining Due Diligence

This Building Best Practices resource: Examines how to improve due diligence assessment productivity. Identifies a strong strategy that leverages control verification reports. Documents a means of examining existing artifacts to more efficiently scope any remaining due diligence. A practitioner tool is provided to house a consolidated record of the reports, facilitate gap analysis, document closing […]

Register to Download

The Role of ERM in Managing Risks Related to New Technologies

The Role of ERM in Managing Risks Related to New Technologies and its companion Executive Summary document examine the challenges that come with significant technology shifts, such as IoT, AI, 5G and quantum encryption and computing; and the valuable role that the board and C-suite can play in helping organizations to recognize and respond to […]

Register to Download

Executive Summary: The Role of ERM in Managing Risks Related to New Technologies

This Executive Summary provides an overview of the challenges related to emerging technologies and key steps identified to help establish effective risk monitoring programs that are responsive to potential risks related to new technologies. This is the companion to the more in-depth briefing paper.

Register to Download
1 2 3 4 5 6