Have we become convenience junkies? We have become a mobile society, a mobile economy, and we live a mobile life. Seventy-seven percent of Americans now own smartphones. How do we balance this convenience with privacy, security and risk? Linnea Solem, Chairperson of the Shared Assessments Program Privacy Working Group, explores that balance in this article. […]
As rapidly changing risk and regulatory environments continue to challenge vendor risk management capabilities, the results of the latest Vendor Risk Management Benchmark Study show that: Organizations in all industries are making incremental progress in improving how they manage vendor and third party risks. Governing boards are increasing their level of engagement with cybersecurity risks, […]
The objectivity of a risk rating process that follows best practices informs a more effective evaluation and comparison of third party control postures. This paper discusses what third party risk rating is, what risk rating is needed and how an organization can apply risk rating best practices as part of their risk management program. It […]
Unique concerns exist around assessing security and controls for public cloud vendor use. This paper addresses those concerns and emerging best practice solutions for outsourcers seeking a Cloud Service Provider (CSP), as well as outsourcers engaging in relationships with third parties that use a CSP.
In the past seven years we have seen tremendous changes in technology, personnel and business practices. Cloud has now become the de-facto industry model for providing a computing service. Mobile has become the most common model for accessing data. Cloud platforms are managing billions of Internet of Things (IoT) devices daily; and new exciting developments […]
Ready or not, IoT third party risk is here. Given the proliferation of connected devices, today’s cyber climate is evolving and organizations have to shift their focus to the security of external parties, now more than ever,” said Charlie Miller, Senior Vice President with the Shared Assessments Program. “In order to avoid becoming the next […]
Risk from downstream parties is increasing as outsourcing organizations engage more and more third parties who themselves have their own outside provider relationships. The proliferation of fourth party relationships provides the undesired opportunity for the existence of significant risk management gaps.
The 2016 Vendor Risk Management Benchmark Study by Shared Assessments in collaboration with global consulting firm Protiviti examines the maturity of vendor risk management.
Establishing a strong standard for risk management means including all stakeholders before a third party is brought on board. The paper focuses on ways to effectively integrate Procurement into the third party oversight function.
DID YOU KNOW? Consensus is quickly growing that an effective risk culture cannot be developed without a “Tone at the Top” that demonstrates, beyond doubt, that the Board and C-Suite are active in building and maintaining an effective enterprise risk management culture and program, inclusive of third party risk issues. The right Tone at the […]
The increased connectivity and complexity of critical infrastructure systems both nationally and globally puts economic and public security squarely at the forefront of risk management in every sector and industry vertical. A proactive stance is clearly required to establish best practices for more mature risk management programs industry-wide. The financial services industry is in position […]
Moving the Needle on Longitudinal Tracking for More Effective Processes Continuous monitoring, a subset of ongoing monitoring, moves the risk posture of systems to a level that allows tracking over time, often in real-time, to raise awareness of changing vulnerabilities and processes for more effective decision-making and achieve discernable gains in risk management.
