Papers

Multi-Dimensional Risk Management: RedSpy Takes PenTesting From Cool To Super Cool With The SIG

RedSpy365 is a penetration testing and threat modeling platform that combines hundreds of security tools including the 2024 Shared Assessments Standardized Information Gathering Questionnaire (SIG) to measure and manage risk. This paper describes how RedSpy365, and founder Darren Manners, utilize th ....

Executive Summary: Third Party Onsite Assessment Best Practices: Practitioner Guide

This is the executive summary for the paper: Third Party Onsite Assessment Best Practices: Practitioner Guide. Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third ....

Third Party Onsite Assessment Best Practices: Practitioner Guide

Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing assessments in ....

Framework for Managing Third Party Reputation Risk: Identifying, Assessing, Reporting, Mitigating, and Monitoring

Reputation is the currency by which organizations work and survive. Organizations that build and maintain positive reputations gain competitive advantage and credibility. Our newest briefing paper offers practical guidance for managing reputation risk by providing a TPRM Reputation Risk Framework wh ....

Partnering With Procurement - Part 2: Supplier/Vendor Contracts

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 2: Supplier/Vendor Contracts describes contracts as being fundamental in identifying, selecting, mitigating, and minimizing exposures and risks ....

Partnering With Procurement - Part 1: Supplier/Vendor Lifecycle

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 1: Supplier/Vendor Lifecycle explores the benefits of business units sharing responsibility for vetting, onboarding, monitoring, renewing, and t ....

Iron Mountain Achieves Peak SIG Adoption

Iron Mountain is a recognized leader for storage and information management services around the world. This paper describes Iron Mountain's journey to achieving peak Standardized Information Gathering (SIG) Questionnaire adoption. While utilizing the SIG, Iron Mountain experienced significant reduct ....

Third Party Focused Ransomware Strategy: An Enterprise-Wide Collaborative Strategy Guide for TPRM Professionals

This paper provides process and program guidance on meaningful, incremental improvements for organizations of all sizes, whether operating locally or globally. The content is designed for both beginning and seasoned security and TPRM practitioners, with an introduction to help inform C-Suite and Boa ....

Which SIG Should I Use?

When scoping your Vendor Risk Questionnaires, which SIG should you use? The SIG offers three tiering structures - the SIG LITE, the SIG CORE, and the SIG Detail Questionnaire. This paper defines each of the tiers and their use cases. ....

Guide: ESG In The 2023 SIG

In our 2023 Third-Party Risk Management Product Suite, we have 131 questions that cover Environmental, Social, Governance (ESG) within the Standardized Information Gathering (SIG) Questionnaire. ESG is now its own risk domain which allows users to scope an ESG-specific SIG. You will be able to co ....
