This Executive Summary provides an overview of the challenges related to emerging technologies and key steps identified to help establish effective risk monitoring programs that are responsive to potential risks related to new technologies. This is the companion to the more in-depth briefing paper. ....
This set of General Data Protection Regulation (GDPR) resources have been updated to provide insights to the Third Party risk community and include background on the regulation and guidance on how to integrate GDPR requirements into TPRM programs. These resources work in conjunction with the Shared ....
TPRM practices are ideally suited to enhancing M&A outcomes. By applying TPRM best practices, a wider range of risks deeper in the supply chain can be examined than is typically achieved in M&A due diligence. The guide outlines specific best practices to help lower risks; discusses acquirer ....
This set of California Online Consumer Privacy Act (“CCPA”) resources are provided to share insights and best practices on how to understand aspects of CCPA and the implications that this regulation has on Third Party risk management. These resources work in conjunction with the Shared Assessmen ....
Third party risk managers are struggling to convey the need for the additional resources to develop and sustain a robust TPRM program. Shared Assessments members came together to create a coherent picture of the emerging challenges and provide actionable tools that practitioners can use to document ....
This “Gaining Ground” briefing paper is phase one of the two-phase cooperative project led by the Shared Assessments’ Continuous Monitoring working group. This group has galvanized practitioners from 57 member organizations, as well as non-member CM solution providers in the Taxonomy Subgroup, ....
In practice, governing boards are the last line of defense in ensuring critical risk management processes are effective. However, recent high profile incidents highlight the need for a greater role for boards in mitigating risks. These events serve as a stark example of why boards must become proact ....
The Shared Assessments Program is pleased to present a briefing paper based on the significance of information security and privacy controls on law firms as third party service providers and collaborative opportunities for resolution. This paper focuses on the issues law firms are facing as they ad ....
This paper documents how to apply an emerging best practice to improve third party risk management program governance. Embedding the continuous feedback “OODA Loop” – observe-orient-decide-act – into third party risk management programs can be expected to improve an organization’s risk pos ....
The dynamic nature of the risk environment means that third party risk professionals are being asked to protectagainst growing threats with a finite number of resources. In response to the need to be smarter about how weapproach third party risk management (TPRM), this paper provides guidance, pra ....