Vendor-Provided Resources

This article will explore what SBOMs are, why they’re becoming table stakes for compliance, and how they help build software supply chain security.

To mitigate risks associated with cotton sourcing, it’s crucial to understand the market forces at play and the restrictions that exert pressure on both suppliers and business customers. Our latest white paper takes a closer look at three of these major risks.

Exiger recently hosted a panel discussion with trade, technology and security experts to reflect on the law’s enforcement and what lies ahead. Key insights emerged on why the law is so significant and what supply chain lessons businesses can learn today to continue to comply with the UFLPA. See the highlights below.

Welcome to Open Source, powered by breachsiren, the leading newsletter tracking recent data breaches and how much they cost.

Your critical vendors provide products or services which your organization is highly dependent on. One of the most challenging exercises in third-party risk management is how to establish standards for identifying who those critical vendors are. Learn the questions you can ask to determine if a vendor is critical or non-critical. 

Download the infographic to learn: 

• How to determine the criticality of your vendors

• Examples of critical third parties at your organization

• The distinction between a critical and high-risk vendor

In June, the Federal Reserve Board (the Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC) released official interagency guidance on managing third-party relationships and banks of all sizes are expected to comply now. What does this mean for your third-party risk management program? This eBook covers some of the essential details and highlights new or expanded expectations. 

Download the eBook to learn: 

• Who is covered under the new guidance 

• 7 key takeaways from the guidance

• Common questions about the guidance with answers

Results from Venminder’s seventh annual Third-Party Risk Management survey provides an in-depth look at current practices, challenges, compliance incentives, and third-party risk management benefits. This whitepaper is full of industry statistics from data collected on a wide variety of organizations and industries, including financial services, fintech, retail, food services, insurance, healthcare, information technology, and more in a nice balance of different sizes ranging from less than $1B assets or less than 100 employees to more than $10B assets or more than 5,000 employees. While third-party risk management is a well-established practice, it’s also a constantly evolving one. Organizations of all sizes and industries must continually adapt and change to effectively identify, assess, manage, and monitor vendor risks. 

Download the whitepaper for industry stats and best practices you need to be aware of to make informed decisions on topics such as: 

• Organizational structure and program investment

• Vendor landscape and operating models

• Vendor risk assessments and vendor due diligence questionnaires and requirements

• TPRM metrics, pressures, emerging risks, ROI

• Outsourcing TPRM

• And much more!

Third-party risk management guidelines and regulations are no longer only issued by financial services regulatory agencies. Many other industries are seeing the value in managing risk and looking at it with more scrutiny. And, it’s always recommended to look to one another and follow current third-party risk management best practices. This eBook contains helpful information and tips to comply with some of the third-party risk management best practices. 

Download the eBook to learn:

• Industry regulators and guidance and regulations to be aware of

• Key takeaways from each one

• Tips to comply with TPRM guidance and regulations

Writing and updating a third-party risk management policy can be a time-consuming process, and without guidance or help, it can be challenging to know where to start. 

These two valuable templates can be used as the foundation to customize and align to your organization’s third-party risk management framework. Each policy contains best practices and processes to meet regulatory requirements and/or follow the third-party risk management lifecycle. 

Download the templates for:  

• Two customizable and fillable third-party risk management policy documents 

• Instructions and supporting guides to assist 

• Best practice structure and flow 

• Following regulatory requirements in your third-party risk management policy 

• Aligning to the third-party risk management lifecycle

Performing a vendor risk assessment can be intimidating, but it’s a worthwhile time investment and a necessary component of a third-party risk management program. You don’t know the risk elements and level of risk associated with a vendor until you do one. Learn the tried-and-true steps to completing a vendor risk assessment by downloading this infographic. 

Download the infographic to learn:

• Steps to complete a vendor risk assessment 

• Determining inherent and residual vendor risk

• Next steps after the vendor risk assessment

Not all vendors have the same level of risk. Risk-based vendor due diligence will save you valuable time and resources in your vendor risk management program. To ensure your organization is more effectively managing vendor risk, it’s important to define the types, amounts, and frequencies of due diligence based on the vendor engagement’s risks. 

Download the infographic and matrix to learn: 

• What risk-based vendor due diligence is and why it matters

• The steps of performing risk-based vendor due diligence

• Examples of risk-based vendor due diligence

• A matrix that provides guidelines for the suggested frequency of due diligence reviews based on criticality and inherent risk

To verify your vendor has adequate internal control in place to protect your data, you must request and assess their SOC reports. It can get confusing what each SOC report covers and what each report means. To help guide you and your team in understanding what those differences are, here’s a simple one-page infographic. 

Download the infographic to learn:

• What the SSAE 18 and SSAE 20 are

• Definitions of each vendor SOC report and when to use them

• How each SOC report benefits your organization