Papers

OODA

Innovations in Third Party Continuous Monitoring: With a Name Like OODA, How Hard Can It Be?

The dynamic nature of the risk environment means that third party risk professionals are being asked to protectagainst growing threats with a finite number of resources. In response to the need to be smarter about how weapproach third party risk management (TPRM), this paper provides guidance, pra ....

Register to Download
corporate meeting2

Consumer Packaged Goods Industry Call To Action

Benchmarking shows that against industries as a whole CPG has been slower in making program maturity gains in TPRM processes. The Shared Assessments Consumer Packaged Goods Vertical Strategy Group (CPG-VSG) has examined the gap between third party risk management (TPRM) practices and the current thr ....

Register to Download
meeting glass

Executive Summary: Principles of Third Party Contract Development, Adherence & Management

This Executive Summary provides and overview of third party contract best practices for setting realistic expectations for both parties regarding due diligence, contract negotiations, onboarding, oversight (including control assessments), reporting requirements and terminations. The Summary contains ....

Register to Download
woman device cafe

Balancing Compliance & Convenience in Digital Device Use

Have we become convenience junkies? We have become a mobile society, a mobile economy, and we live a mobile life. Seventy-seven percent of Americans now own smartphones. How do we balance this convenience with privacy, security and risk? Linnea Solem, Chairperson of the Shared Assessments Prog ....

Register to Download
jenga shutterstock

Risk Rating Third Parties: Optimizing Risk Management Outcomes

The objectivity of a risk rating process that follows best practices informs a more effective evaluation and comparison of third party control postures. This paper discusses what third party risk rating is, what risk rating is needed and how an organization can apply risk rating best practices as pa ....

Register to Download
bigstock Cloud Computing Concepts 83855360

Assessment of Public Cloud Computing Vendors

Unique concerns exist around assessing security and controls for public cloud vendor use. This paper addresses those concerns and emerging best practice solutions for outsourcers seeking a Cloud Service Provider (CSP), as well as outsourcers engaging in relationships with third parties that use a CS ....

Register to Download
Cloud Enterprise

Evaluating Cloud Risk for the Enterprise - An Updated Shared Assessments Guide

In the past seven years we have seen tremendous changes in technology, personnel and business practices. Cloud has now become the de-facto industry model for providing a computing service. Mobile has become the most common model for accessing data. Cloud platforms are managing billions of Internet o ....

Register to Download
blog 08

Fourth Party Risk Management Paper

Risk from downstream parties is increasing as outsourcing organizations engage more and more third parties who themselves have their own outside provider relationships. The proliferation of fourth party relationships provides the undesired opportunity for the existence of significant risk management ....

Register to Download
whiteboard

Building Best Practices in Third Party Risk Management: Involving Procurement Paper

Establishing a strong standard for risk management means including all stakeholders before a third party is brought on board.  The paper focuses on ways to effectively integrate Procurement into the third party oversight function. ....

Register to Download
blog 05

Tone at the Top Paper

DID YOU KNOW? Consensus is quickly growing that an effective risk culture cannot be developed without a “Tone at the Top” that demonstrates, beyond doubt, that the Board and C-Suite are active in building and maintaining an effective enterprise risk management culture and program, inclusive o ....

Register to Download
« Previous PageNext Page »