Papers and Studies

This is the executive summary for the paper: Third Party Onsite Assessment Best Practices: Practitioner Guide. Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing […]

This Executive Summary presents an overview of the Benchmark Survey Report: A New Baseline. (The full study is available with purchase of the Vendor Risk Management Maturity Model – VRMMM.) This study represents the sixth time Shared Assessments has partnered with The Ponemon Institute on research initiatives. The study strives to improve understanding of relative maturity levels […]

A New Roadmap for Third-Party IoT Risk Management is the Shared Assessments’ fourth annual collaborative study with The Ponemon Institute. This year’s report underscores the acute need for IoT risk management improvement. New insights in this year’s study crystallize a set of leading practices for reducing IoT-related risks. Areas ripe for action include governance, risk […]

Shared Assessments partnered with Prevalent to study current trends, challenges and initiatives impacting third-party risk practitioners. The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs. Respondents to the study were leaders and decision-makers in third-party risk. In today’s […]

This third annual study on third party IoT risk, conducted by the Ponemon Institute, helps the industry better understand how organizations are managing the risks created by known and unknown IoT devices.  Cyberattacks, data breaches and overall business disruption that can be caused by unsecured IoT devices in the workplace and used by third parties […]

Increasing pressures in the risk and regulatory environments continue to pose severe challenges to vendor risk management (VRM) programs, often offsetting incremental program improvements over the past 12 months. The results of this fifth annual study from Shared Assessments indicate that: There is a strong correlation between high levels of board engagement with VRM issues […]

With the proliferation of IoT devices in the enterprise, managing third-party risks to sensitive and confidential data has become a herculean task. As revealed in The Second Annual Study on the Internet of Things (IoT): A New Era of Third-Party Risk, companies are deeply concerned that failure to prevent a data breach or cyber attack […]

As rapidly changing risk and regulatory environments continue to challenge vendor risk management capabilities, the results of the latest Vendor Risk Management Benchmark Study show that: Organizations in all industries are making incremental progress in improving how they manage vendor and third party risks. Governing boards are increasing their level of engagement with cybersecurity risks, […]

Ready or not, IoT third party risk is here. Given the proliferation of connected devices, today’s cyber climate is evolving and organizations have to shift their focus to the security of external parties, now more than ever,” said Charlie Miller, Senior Vice President with the Shared Assessments Program. “In order to avoid becoming the next […]

The 2016 Vendor Risk Management Benchmark Study by Shared Assessments in collaboration with global consulting firm Protiviti examines the maturity of vendor risk management.

Tone at the Top and Third Party Risk examines the role of executives in third party risk management in a broad range of industries and the effect of tone at the top on minimizing business risks within organizations. This study is sponsored by Shared Assessments and conducted by the Ponemon Institute.

The Shared Assessments Program is pleased to present a case study based on our first in a series of pilots for our Collaborative Onsite Assessment program. The goal of this pilot program is to create the opportunity for multiple industry outsourcers to perform a collaborative onsite assessment of a single service provider, performed by an […]