Blog

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • It's officially 2021! Make sure you start the year off right by staying on top of vendor management news and resources. Read through the top articles we recommend you are aware of.
  • The best strategy for preparing for an examination is vigilance. Vigilance in the third-party risk world means you’re always prepared and ready to answer any auditor's or examiner’s document request well ahead of time. By keeping everything up to date, you avoid the crush to meet your examiner’s deadlines.
  • While cybersecurity has been more critical than ever since we decided to move all our business operations online, there has perhaps been no greater reminder just how important it is to safeguard our sensitive data than the calamities we lived through in 2020. Bad actors scamming everyone they can, data thieves stealing intellectual property and identity thieves hard at work while the rest of the world has scrambled to adjust to drastically different working and living conditions.
  • As third-party risk professionals, we’re all too familiar with data breaches and bad actors. And, when a really nasty one occurs, especially one that could potentially threaten national security, we feel the effects alongside the rest and are strongly reminded why third-party risk management is so important.
  • According to a Mordor Intelligence study, vendor management is growing at 14% year over year and is expected to continue this growth through 2025. Unfortunately, most vendor management programs have little to no budget and are staffed with part-time personnel, or at most, three to five full-time employees.
  • In the risk management industry, we throw a lot of terms around. We volley labels like third-party risk management, vendor management, vendor risk management, due diligence, vendor owners, vendor managers and dozens of acronyms and shorthand for many similar, yet distinct, concepts so often that it's quite easy to lose the thread of what we’re actually talking about.
  • A common misconception is “If you have an enterprise risk management (ERM) platform, you don’t need a third-party risk management (TPRM) platform.” Not only is that not the case, but it's also a very dangerous way of thinking. You absolutely need both.
  • When it comes to third-party risk, regulators in the healthcare industry, such as the Office for Civil Rights (OCR), Centers for Medicare and Medicaid Services and the Office of the National Coordinator for Health Information Technology, are primarily focused on how health providers, plans and clearinghouses (otherwise known as covered entities) manage their third parties that help them carry out healthcare activities and functions (otherwise known as their business associates). Typically, the primary guidelines on how they need to do this are established by OCR’s Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance (HITRUST).
  • If you’ve been in the finance industry a while, you’ve seen the extraordinary evolution of the regulatory environment over the last decade. It seems there is a regulation for every aspect of operations for banks and credit unions, and it isn’t uncommon for older regulations that were never really implemented (or should I say enforced by our regulators) to suddenly be required.
  • Can you believe it's already the end of the year? December is here, and with only a few weeks left of 2020, it's the perfect time to make sure you stay updated on recent industry news. Find out what you may have missed by reading below!
  • So… 2020, am I right? While I’m never an advocate of wishing time away, I think many people are eagerly awaiting that ball drop on December 31, so they can finally say goodbye to the extremity of this year. Unlike most new years, we may be more focused on getting back what we once had, as opposed to striving for more change. If nothing else, 2020 has provided for some deep introspection, and a rare opportunity to value things we never thought we would have to go without.
  • Without a doubt, 2020 will go down in history as the year we all learned the value of a pandemic plan. It was the single most unusual year. Period. Risk went through the roof! Every risk category experienced dramatic elevation, and in some cases, third-party risk management was put on pause as we were all sent home to work and to educate our children. All the while, organizations scrambled to meet the technology and human demands of lockdown. And at the same time, devastatingly, many lost their lives.
  • Santa’s on the way, and well… it looks like all you may be getting this year are “SOCs.” Oh boy. Well, at least it’s better than coal. All jokes aside, SOC reports can be confusing business. As you may be aware, SOC reports are independent audit reports defined by the American Institute of Certified Public Accountants (AICPA) and are performed by a certified public accountant (CPA). So, now that you have one on your desk, how do you know what kind of SOC report it is? You’ll often see a SOC 1, SOC 2 or SOC 3. There are other SOC types, such as the SOC for Cybersecurity and SOC for Supply Chain, but those haven’t taken off yet, so they’ll be rare to see. Let’s discuss further and see if we can’t help you out.
  • It’s wild to think that we’re rapidly approaching the end of 2020, and 2021 is just waiting to make its arrival. For many, the promise of the new year has been a light at the end of the dark tunnel that has been this very challenging time. But, we’re not out of the woods yet, especially in the third-party risk arena (and truly, pandemic or not, managing vendor risk well is a never-ending pursuit). If we hope to start off 2021 on the right foot, there are a few areas we’ll need to give some extra TLC.
  • We often get asked about the best practices around vendor management board reporting. It’s a challenge because there is no prescriptive template – however, from years in the business, one thing is clear: it’s crucial to ensure the tone-from-the-top by keeping your senior management team and your board informed on developments in your third-party risk management program. Especially when it comes to your critical and high-risk third parties.