Select Page

White Papers

Risk Rating Third Parties: Optimizing Risk Management Outcomes

The objectivity of a risk rating process that follows best practices informs a more effective evaluation and comparison of third party control postures. This white paper discusses what third party risk rating is, what risk rating is needed and how an organization can apply risk rating best practices as part of their risk management program. It is essential that a pre-engagement risk rating is performed on every potential third party to determine appropriate levels of due diligence oversight and set relevant expectations for ongoing assessments.

Register to Download

Evaluating Cloud Risk for the Enterprise - An Updated Shared Assessments Guide

In the past seven years we have seen tremendous changes in technology, personnel and business practices. Cloud has now become the de-facto industry model for providing a computing service. Mobile has become the most common model for accessing data. Cloud platforms are managing billions of Internet of Things (IoT) devices daily; and new exciting developments are evolving, such as microservices, to allow previously unimaginable scalability and efficiencies.

Register to Download

Assessment of Public Cloud Computing Vendors

Unique concerns exist around assessing security and controls for public cloud vendor use. This paper addresses those concerns and emerging best practice solutions for outsourcers seeking a Cloud Service Provider (CSP), as well as outsourcers engaging in relationships with third parties that use a CSP.

Register to Download

Fourth Party Risk Management White Paper

Risk from downstream parties is increasing as outsourcing organizations engage more and more third parties who themselves have their own outside provider relationships. The proliferation of fourth party relationships provides the undesired opportunity for the existence of significant risk management gaps.

Register to Download

Continuous Monitoring of Third Party Vendors: Building Best Practices

Moving the Needle on Longitudinal Tracking for More Effective Processes Continuous monitoring, a subset of ongoing monitoring, moves the risk posture of systems to a level that allows tracking over time, often in real-time, to raise awareness of changing vulnerabilities and processes for more effective decision-making and achieve discernable gains in risk management.

Register to Download

Building Best Practices in Third Party Risk Management: Involving Procurement White Paper

Establishing a strong standard for risk management means including all stakeholders before a third party is brought on board.  The paper focuses on ways to effectively integrate Procurement into the third party oversight function.

Register to Download

Financial Services Industry Call to Action

The increased connectivity and complexity of critical infrastructure systems both nationally and globally puts economic and public security squarely at the forefront of risk management in every sector and industry vertical. A proactive stance is clearly required to establish best practices for more mature risk management programs industry-wide. The financial services industry is in position to continue its leadership role in third party risk management, in order to improve the quality and efficiency of risk management programs at both the outsourcer and provider levels to collectively raise the bar and establish effective industry-wide risk management solutions.

Register to Download

Onsite Assessments Best Practices White Paper

A Shared Assessments awareness committee was established to create a best practice assessment and scoping guideline practical for all outsourcing organizations, onsite assessment teams, managers and service providers, regardless of industry or assessment scope. The guideline will work in concert with existing onsite assessment tools and processes. It provides a clear, consistent methodology to keep the assessment process on target and therefore reduce duplication of effort and assessment fatigue.

Register to Download

Incident Response Briefing Paper

To help organizations be better prepared against increasingly inevitable incidents, the Shared Assessments Program SIG Committee has released Building Best Practices for Effective Monitoring of a Third Party’s Incident Event Management Program. The paper outlines a newly developed best practices model of incident event management program creation.

Register to Download

Tone at the Top White Paper

DID YOU KNOW? Consensus is quickly growing that an effective risk culture cannot be developed without a “Tone at the Top” that demonstrates, beyond doubt, that the Board and C-Suite are active in building and maintaining an effective enterprise risk management culture and program, inclusive of third party risk issues. The right Tone at the Top and risk culture can become important drivers of improved organizational performance – companies that incorporate risk management into their strategic planning process and operating model gain clear competitive advantage

Register to Download