Latest Blog Articles

Read the Latest Blog Posts
Knowledge. Useful. Quick. 


Stay up-to-date by reading useful articles from industry thought leaders who tackle common challenges and discuss current or proposed industry regulations.

  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • Energy organizations rely on complex supply chains worldwide, which can expose them to third-party cyberattacks and data breaches. It's crucial to identify, assess, mitigate, and manage the cybersecurity risks associated with third-party suppliers . To that end, the North American Electric Reliability Corporation (NERC) has established standard CIP-013-1 Cyber Security – Supply Chain Risk Management to protect energy organizations from cyberattacks.
  • Technology vendors, such as data centers, cloud service providers, and credit card processors, must be assessed as part of an organization’s overall third-party risk management (TPRM) program. A third-party vendor’s SOC 2 report is an essential due diligence element that reveals details about a vendor’s control environment related to one or more of the five Trust Services Criteria – security, availability, processing integrity, confidentiality, and privacy.
  • On July 9, 2024, the Basel Committee on Banking Supervision (BCBS) released their proposed consultative document, Principles for the Sound Management of Third-Party Risk , intended for large, internationally active banks and their prudential supervisors, as well as smaller banks and authorities in all member countries. The principles create a common baseline for managing third-party risks, while allowing flexibility to accommodate evolving practices and regulatory frameworks.
  • If you’ve ever been intentional about setting personal or professional goals, you may be familiar with the criteria known as S.M.A.R.T. Specific, measurable, achievable, relevant, and time-bound goals are more likely to be achieved than those which are vague, unrealistic, and open-ended. Measuring goals is particularly important because it provides concrete data on the progress made towards your objectives.
  • Commercial real estate brokers face a significant concern when it comes to third-party relationships – vendor risk. Given the industry's nature, brokers often rely on various vendors, such as real estate appraisers, inspectors, and title companies. These partnerships can expose brokers to potential risks that can jeopardize brokers’ operations, finances, and reputation. A well-designed vendor risk management (VRM) program is crucial for commercial real estate brokers to safeguard against these inherent risks.
  • The concept of independence has been a significant aspect of human history and culture. It pertains to the ability of individuals or groups to make their own decisions and act freely, without being influenced or controlled by others. In July, we often commemorate the courageous actions taken by people in history to gain their independence. The signing of the Declaration of Independence in the U.S. and the storming of the Bastille in France are two examples of such events that were born out of a desire to break free from oppressive rule and achieve self-determination.
  • Stay up-to-date on the latest vendor risk management news happening this month. Check out the articles below.
  • Third-party risk management (TPRM) involves a wide range of activities, tasks, and stakeholders to identify, assess, mitigate, and monitor the risks associated with third-party relationships. This includes conducting risk assessments, due diligence, reviewing third-party documentation , contract reviews, monitoring, and periodically re-evaluating the relationship. Many organizations have turned to third-party risk management software platforms to help organize and streamline the workload. While these platforms can offer invaluable resources and features, selecting the right one for your organization can be challenging.
  • Certain industries, like finance and healthcare, are at a higher risk of data breaches because they deal with vast amounts of sensitive information. While the finance industry has its own standards for protecting consumer data, healthcare organizations must follow expectations outlined in the Health Insurance Portability and Accountability Act (HIPAA) .
  • If your organization relies on a cloud service provider (CSP), the recent Snowflake data breach has likely created significant concern. As many as 165 Snowflake customers have been impacted by the data breach, which may include hundreds of millions of personal records. Even if your organization wasn’t directly impacted by the breach, it’s important to take note of the incident and consider whether your third-party risk management (TPRM) program is prepared to respond. This involves ensuring that your third-party CSPs are following best practices to keep data safe and secure.
  • When the Interagency Guidance on Third-Party Relationships: Risk Management was released in 2023, financial institutions of all sizes were given a framework for building a compliant third-party risk management (TPRM) program. Smaller organizations, like community banks, often have fewer resources to meet regulatory expectations, which can create unique challenges in TPRM compliance.
  • Onboarding a new vendor can be a lengthy process, especially when you consider all the work that goes into contract management, such as negotiating the terms and reviewing service level agreements (SLAs) . Many organizations choose to streamline this process by using vendor contract templates that can be customized for various third-party relationships.
  • Cloud service providers (CSPs), also known as cloud vendors, are quickly becoming the norm in today’s business world. Many organizations are using CSPs to gain a competitive advantage and further their goals around innovation, while others are growing more reliant on this technology for their daily operations. In fact, Gartner predicted that cloud platforms will be considered a business necessity for most enterprises by 2028.
  • Organizations of all sizes and industries continue to be at risk of sophisticated cybersecurity threats. Supply chain attacks in recent years have brought even more attention to the importance of third-party risk management (TPRM). The National Institute of Standards and Technology (NIST) periodically releases new and updated standards and frameworks to address these threats and instruct government agencies on how to protect against evolving third-party risks.