Papers

library

Creating a Unified Continuous Monitoring Taxonomy: Gaining Ground by Saying What's What

This “Gaining Ground” briefing paper is phase one of the two-phase cooperative project led by the Shared Assessments’ Continuous Monitoring working group. This group has galvanized practitioners from 57 member organizations, as well as non-member CM solution providers in the Taxonomy Subgroup, ....

Register to Download
dominoes

The Board's Role in Realizing Effective Risk Management

In practice, governing boards are the last line of defense in ensuring critical risk management processes are effective. However, recent high profile incidents highlight the need for a greater role for boards in mitigating risks. These events serve as a stark example of why boards must become proact ....

Register to Download

Recently Released: Law Firm Briefing Paper by Shared Assessments

The Shared Assessments Program is pleased to present a briefing paper based on the significance of information security and privacy controls on law firms as third party service providers and collaborative opportunities for resolution. This paper focuses on the issues law firms are facing as they ad ....

Register to Download
CM White Paper Image

Innovations in Third Party Continuous Monitoring

This paper documents how to apply an emerging best practice to improve third party risk management program governance. Embedding the continuous feedback “OODA Loop” – observe-orient-decide-act – into third party risk management programs can be expected to improve an organization’s risk pos ....

Register to Download
OODA

Innovations in Third Party Continuous Monitoring: With a Name Like OODA, How Hard Can It Be?

The dynamic nature of the risk environment means that third party risk professionals are being asked to protectagainst growing threats with a finite number of resources. In response to the need to be smarter about how weapproach third party risk management (TPRM), this paper provides guidance, pra ....

Register to Download
corporate meeting2

Consumer Packaged Goods Industry Call To Action

Benchmarking shows that against industries as a whole CPG has been slower in making program maturity gains in TPRM processes. The Shared Assessments Consumer Packaged Goods Vertical Strategy Group (CPG-VSG) has examined the gap between third party risk management (TPRM) practices and the current thr ....

Register to Download
meeting glass

Executive Summary: Principles of Third Party Contract Development, Adherence & Management

This Executive Summary provides and overview of third party contract best practices for setting realistic expectations for both parties regarding due diligence, contract negotiations, onboarding, oversight (including control assessments), reporting requirements and terminations. The Summary contains ....

Register to Download
handshake 2

Principles of Third Party Contract Development, Adherence & Management

Principles of Third Party Contract Development, Adherence & Management and its companion Executive Summary document, discuss how robust contract development practices provide benefits to both the outsourcer and the third party provider. These resources provide guidelines for developing a defined org ....

Register to Download
woman device cafe

Balancing Compliance & Convenience in Digital Device Use

Have we become convenience junkies? We have become a mobile society, a mobile economy, and we live a mobile life. Seventy-seven percent of Americans now own smartphones. How do we balance this convenience with privacy, security and risk? Linnea Solem, Chairperson of the Shared Assessments Prog ....

Register to Download
jenga shutterstock

Risk Rating Third Parties: Optimizing Risk Management Outcomes

The objectivity of a risk rating process that follows best practices informs a more effective evaluation and comparison of third party control postures. This paper discusses what third party risk rating is, what risk rating is needed and how an organization can apply risk rating best practices as pa ....

Register to Download
« Previous PageNext Page »