Papers and Studies

Stay on top of the latest in Third-Party Risk Management (TPRM) with Shared Assessments’ papers and studies. Learn industry trends and take away best practices to improve your approach. Read on and rock on, risk management!

Governance Best Practices For TPRM Programs: Strategy, Structure & Supply Chain Risk Management Program Evaluation

The purpose of this paper is to highlight best practices in governance of Third Party Risk Management (TPRM). Governance in this context refers to a formalized program framework that supports an organization’s strategic business objectives. Strong program governance helps foster efficient use of resources, greater transparency, and an environment of trust. This briefing focuses on […]


Outsourcers and Vendors: Guide To The Standardized Information Gathering (SIG) Questionnaire

The Standardized Information Gathering (SIG) Questionnaire acts as a bridge between vendors and outsourcers, offering value to both parties in managing third-party risk. Outsourcers use the SIG to assess their existing and prospective service providers, while vendors use the SIG to respond to these same customers. In this way, the SIG Questionnaire creates a common […]


Executive Summary: Third Party Onsite Assessment Best Practices: Practitioner Guide

This is the executive summary for the paper: Third Party Onsite Assessment Best Practices: Practitioner Guide. Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing […]


Third Party Onsite Assessment Best Practices: Practitioner Guide

Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing assessments in a consistent, documented, logical, and transparent manner to carry out an efficient onsite engagement. […]


Framework for Managing Third Party Reputation Risk: Identifying, Assessing, Reporting, Mitigating, and Monitoring

Reputation is the currency by which organizations work and survive. Organizations that build and maintain positive reputations gain competitive advantage and credibility. Our newest briefing paper offers practical guidance for managing reputation risk by providing a TPRM Reputation Risk Framework which includes practices for Governance, Due Diligence, and Incident Management and Reporting. The principles offered […]


Partnering With Procurement – Part 2: Supplier/Vendor Contracts

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 2: Supplier/Vendor Contracts describes contracts as being fundamental in identifying, selecting, mitigating, and minimizing exposures and risks when outsourcing. Knowing the associated risks a vendor poses to the organization – and putting controls in […]


Partnering With Procurement – Part 1: Supplier/Vendor Lifecycle

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 1: Supplier/Vendor Lifecycle explores the benefits of business units sharing responsibility for vetting, onboarding, monitoring, renewing, and terminating vendors, detailing activities for Procurement and Risk Management within each lifecycle phase.


Third Party Focused Ransomware Strategy: An Enterprise-Wide Collaborative Strategy Guide for TPRM Professionals

This paper provides process and program guidance on meaningful, incremental improvements for organizations of all sizes, whether operating locally or globally. The content is designed for both beginning and seasoned security and TPRM practitioners, with an introduction to help inform C-Suite and Board discussions to determine what is at risk; how to manage those risks; […]


Which SIG Should I Use?

When scoping your Vendor Risk Questionnaires, which SIG should you use? The SIG offers three tiering structures – the SIG LITE, the SIG CORE, and the SIG Detail Questionnaire. This paper defines each of the tiers and their use cases.


Guide: ESG In The 2023 SIG

In our 2023 Third-Party Risk Management Product Suite, we have 131 questions that cover Environmental, Social, Governance (ESG) within the Standardized Information Gathering (SIG) Questionnaire. ESG is now its own risk domain which allows users to scope an ESG-specific SIG. You will be able to complete a SIG for your organization and you can use […]


Guide: Evolving Work Environments – Impact of Covid-19

In and outside of work, the Covid-19 pandemic was a mandatory exercise in flexibility. What are the workplace shifts we see impacting third-party risk management as we emerge from the pandemic? This guide emphasizes how the pandemic has affected the profile and management of third parties by: comparing “Pre-Covid” and “Post-Covid” insights; highlighting the evolution of work […]


Guide: Risk Domains

This guide introduces and defines 21 of the most critical and current risk domains within four key areas. The guide describes why organizations need to acknowledge each risk domain and offers concrete suggestions of how organizations can account for risks presented by each domain.
