All for One and One for All. Is it time for the Evidence Sharing Network to shine in TPRM?

A few thoughts on the “Evidence Sharing Network” model. I’m pleased to say that the seven key steps for establishing a cost-effective Third-Party Risk Management (TPRM) programme are definitely beginning to resonate. However, as usual, priorities and resources are naturally focused on daily tasks, keeping risk management at a secondary level of importance and diverging…


Mitigating Big Risks? Think Small Supplier Risk Assessments

A few thoughts on Small Supplier Risk Assessments – Every supplier represents a potential security risk to your organisation. Whether it’s a small specialised law firm, a local value-added reseller delivering technology and providing services, a consultant dedicated to your industry, or an offshore web developer, it’s important to understand those risks –…


GDPR – 1 year to go – Started preparations? Great. But how’s your Third-Party Risk?

A few thoughts on GDPR and Third-Party Risk – One year from today, on May 25th 2018, the biggest change to data protection law in 20 years kicks in: the EU General Data Protection Regulation (GDPR), which replaces the current data protection rules. By now you know the risks – any breach of Personally Identifiable Information (PII) can result in new penalties…


Research highlights new era of threats from IoT Third Party Risk

Ready or Not – IoT Third-Party risks have arrived. Research conducted by The Ponemon Institute, and shared in the latest white paper from Shared Assessments, has found that efforts to mitigate IoT third-party risks need to improve significantly. The research highlights the fact that companies are relying on legacy technologies and governance practices to…


Seven Stages to Vendor Risk Management

A few thoughts on Vendor Risk – One of the key problem areas of enterprise risk management is vendor risk. Managing hundreds to thousands of vendors, suppliers, outsourcers and other third-party relationships is difficult in the best of financial times. With shrinking budgets and fewer staff, how can vendor risk management be performed correctly? These…


Just 2 Years to go until EU GDPR – Time to start your 7 steps to Managing Third-Party Risk?

A few thoughts on GDPR and Managing Third-Party Risk – Today marks the two-year countdown until the EU General Data Protection Regulation (GDPR) comes into full effect. GDPR will expand and extend the current data protection requirements for anyone processing Personally Identifiable Information (PII). The regulation introduces some tough new penalties of fines of…