Risk Roundup Newsletter - September 2024
News, Events, and Insights from Shared Assessments

Harvesting Knowledge: Fall Reads To Enrich Your Third-Party Risk Management (TPRM) Expertise

As the days grow shorter and leaves begin to change, we find ourselves in the perfect season for reflection and growth. At Shared Assessments, we believe that knowledge is our most valuable crop. This fall, we’re excited to introduce a wealth of new content designed to enhance your understanding of and practice in TPRM.

This autumn, immerse yourself in our offerings and cultivate a deeper understanding of TPRM as you prepare for the seasons ahead. Wishing you a bountiful harvest!


2025 Product Release Preview


New TPRM Products coming your way soon.

Our 2025 Third-Party Risk Management (TPRM) Product Suite release is just around the corner - and resilience is the word! In an era of spiraling complexity and technological advancement, readiness and resilience are the means to rise above risk. From evaluating the maturity of your own risk management program to assessing the risks third parties introduce to your organization, our products enable you to manage vendor risk effectively and efficiently. 2025 Product Release highlights will include:

  • Third-Party Services Inherent Risk Rating (TPSIRR) usability upgrades
  • Vendor Risk Management Maturity Model (VRMMM) with a complimentary “Interagency Guidance Gap Analysis” tool
  • Standardized Information Gathering Questionnaire (SIG) with new Digital Operational Resilience Act (DORA), NIS 2, and NIST CSF 2.0 mappings

Consider joining our upcoming 30-minute virtual product release sessions this fall to learn to use our tools in your risk management program.

30-Minute Product Release Sessions (October-December)

Request A Personalized Demo


Briefing Papers

Our new briefing papers feature expert perspectives on best practices, offering valuable insights into navigating today’s challenges including Continuous Monitoring, Governance, and Artificial Intelligence (AI).

Governance Best Practices For TPRM Programs: Strategy, Structure & Supply Chain Risk Management Program Evaluation

A ray of risk management hope lights up the supply chain.

This paper highlights best practices in governance of Third-Party Risk Management (TPRM). Governance in this context refers to a formalized program framework that supports an organization’s strategic business objectives. Strong program governance helps foster efficient resource use, greater transparency, and an environment of trust. This briefing focuses on program accountability, program objectives and controls, risk management strategy, and reporting and management oversight.

Download Here


Third & Nth Party Continuous Monitoring: Standing Up An Effective Program

Looks like you may have some complexity in your extended networks.

Many organizations struggle to identify the scope of their third-party and Nth-party engagements, as well as the associated risks from these extended networks. By implementing continuous monitoring, businesses can uncover hidden Nth-party providers that are otherwise undetectable. This paper explores the essential steps to establish a robust TPRM continuous monitoring program, detailing what to monitor and how to effectively manage the resulting data. This approach not only enhances your TPRM processes but also increases your operational resilience.

Download Here


AI & Third-Party Risk Management: Balancing Innovation, Risk & Opportunity

Risk Robot, Reward Robot!

Rapid advancements in AI are revolutionizing industries, bringing remarkable opportunities and notable concerns regarding social and governance implications. This comprehensive paper explores the latest and best practices in TPRM governance, focusing on how AI can enhance the efficiency and effectiveness of managing third-party risks in the supply chain. This invaluable resource provides practitioners and executives with:

  • A Comprehensive Guide to the Advantages and Applications of AI in TPRM
  • An In-Depth Analysis of AI-Related Risks and Effective Mitigation Strategies
  • Key Insights on Governance Considerations for AI-Driven Risk Management

Download Here


Blogposts

Explore our blogs for the latest insights, tips, and best practices in third-party risk management. Stay informed and protect your organization by navigating the complexities of third-party relationships with confidence.

Shared Assessments Joins Charter Of Trust


New partnership is a natural fit.

Shared Assessments has officially joined the Charter of Trust as a member of the Associated Partners Forum (APF). The Charter of Trust is a non-profit alliance of leading global companies and organizations from various sectors working together to make the digital world of tomorrow a safer place.

This new and promising partnership between Shared Assessments and the Charter of Trust is a natural fit as both organizations are devoted to working to create a more secure and resilient digital world through collaboration and information sharing.

Read Here


DORA: Knocking On Risk Management’s Door

Knock, knock, knockin'...DORA is here to stay.

Risk Management, DORA is knocking, and we must answer! The Standardized Information Gathering Questionnaire can be a valuable tool in achieving Digital Operational Resilience Act (#DORA) compliance by providing a structured framework for assessing third-party risk. Read to learn:

  • The 6 key areas covered by DORA
  • How SIG 2025 will offer mappings to DORA standards
  • How the SIG helps to identify & prioritize potential vulnerabilities

Read Here


Using The SIG As An Outsourcer AND As A Vendor

SIG is for everything under the sun. Well, almost everything.

We see organizations using the Standardized Information Gathering Questionnaire (SIG) as a Vendor Assessment (Outsourcers) or as a Response Document (Vendors) – but very often, not for both functions. Yet, most organizations are both Outsourcers and Vendors – it’s what makes the world go round.

In this blog post, we briefly review the SIG use case for Outsourcers and the separate SIG use case for Vendors. Through this exercise, we want to further the idea that you can use the SIG for both functions within your organization!

Read Here


Guide To GRC Software

Find the right GRC 4 u and 4 me.

This blog outlines the significance of Governance, Risk, and Compliance (GRC) software in helping organizations to manage risks and comply with regulations. It highlights essential features to consider when selecting GRC solutions, such as integration capabilities, user-friendliness, and scalability. The blog also highlights many of our partners and their GRC platforms.

Read Here


IT Vendor Risk Management Best Practices: A Strategy Guide to Protect Your Organization

Pick up some best practices for IT vendor risks.

As technology advances and functions improve, ensuring that vendors meet stringent risk management criteria is no longer optional; it is imperative. This blog provides a comprehensive guide of best practices for managing IT vendor risks effectively and efficiently. By implementing these strategies, organizations can safeguard their operations, maintain vendor compliance, and protect their data.

Read Here


First-Ever Third-Party Risk Management UK Summit 2024: Signed, Sealed, Delivered

UK Summit 2024? It Was Stellar.

Shared Assessments’ first-ever Third-Party Risk Management UK Summit brought together professionals from different industries to explore the evolving landscape of third-party risk management in the heart of London. The Summit featured a keynote address, interactive panels, breakout sessions, and abundant networking opportunities. This blog post delivers a brief overview of key takeaways from the event – we hope to see you there again next year!

Read Here


Risk Rundown Podcast

The Risk Rundown is Shared Assessments' new podcast. Listen in on conversations with risk practitioners about their career journeys through the world of third-party risk management (TPRM). Learn how other risk programs view evolving risks and emerging technologies.

Risk Management Needs To Know - Listen On The Go!

Episode Three: Navigating Global Challenges: The Intersection of Resilience and Third-Party Risk

Elizabeth Dunsmoor is joined by Shriparna Ghosh, Director at EY and expert in Third-Party Risk and Resilience Management. Together, they explore the evolving landscape of third-party risk management (TPRM), emphasizing the critical importance of resilience in today’s interconnected world. Sri shares her insights on building robust TPRM frameworks that can withstand the challenges of modern cybersecurity threats.

Listen Here


Upcoming Events


Committee Meetings

  • Global TPRM Best Practices | September 26 | 10:00am - 11:00am ET
  • Product Development | September 26 | 12:00pm - 1:00pm ET
  • Regulatory | October 10 | 11:00am - 12:00pm ET | Members Only
  • Global ESG TPRM | October 17 | 11:00am - 12:00pm ET
  • AI and Emerging Technology | October 22 | 11:00am - 12:00pm ET | Members Only
  • Healthcare | October 22 | 12:00pm - 1:00pm ET

Submit your interest here and join a TPRM Committee today!

Please note: While some committees are open to the wider TPRM community, some committees are exclusive opportunities for Shared Assessments Members.


Webinars


Navigating the Complexities of Continuous Monitoring

October 2, 2024 | 11:00am-12:00pm ET | FREE | 1 CPE

In today's interconnected business landscape, continuous monitoring has emerged as a critical strategy to ensure ongoing compliance, mitigate risks, and protect your organization. This webinar will provide an overview of continuous monitoring and best practices for implementation.

Register


Interagency Guidance: Gap Analysis

October 8, 2024 | 11:00am-12:00pm ET | FREE | 1 CPE

The Federal Reserve Board (the Board), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) collectively introduced the Interagency Guidance on Third-Party Relationships: Risk Management. In June 2023, the guidance officially became effective – you’re now expected to comply. This session will take a closer look at what we've learned over the past year and provide a walkthrough of the Shared Assessments Interagency Guidance Gap Analysis.

Register


Education Opportunities


TPRM Fundamentals

Gain foundational knowledge in Third-Party Risk Management (TPRM). This certificate-based learning course is designed for individuals with limited or no third-party risk experience. The training will provide an overview of key third-party risk concepts, program components, and processes involved in minimizing risk in third-party relationships.

On-Demand | Online | Register


Certified Third-Party Risk Professional (CTPRP)

The Certified Third-Party Risk Professional (CTPRP) designation is a professional credential designed to validate knowledge, experience, and proficiency in the design, structure, and implementation of a comprehensive TPRM Program. The course includes the processes for third-party risk identification and structuring a risk-based vendor classification structure and risk assessment process.

October 29-30 | 7:00am – 12:00pm ET | Online | Elizabeth Dunsmoor | Register

On-Demand | Online | Register


Certified Third-Party Risk Assessor (CTPRA)

The Certified Third-Party Risk Assessor (CTPRA) designation is a professional credential that validates expertise, decision making and proficiency in third-party risk and controls evaluation. The program includes the processes for identifying, quantifying, and mitigating third-party risk within an organization’s TPRM program.

October 8-9 | 10:00am – 3:00pm ET | Online | Elizabeth Dunsmoor | Register


Fall Is Near, Fall Is Here...

We’re thrilled to unveil a bounty of new content and opportunities to enrich your journey in TPRM. Take time to delve into our resources and cultivate a deeper understanding that will serve you well in the seasons to come.

May the crisp air of autumn bring vibrant color to the trees around you and to your risk management practice.

Reflect, renew, here's some risk management content just for you.

