Papers and Studies

The Standardized Information Gathering (SIG) Questionnaire acts as a bridge between vendors and outsourcers, offering value to both parties in managing third-party risk. Outsourcers use the SIG to assess their existing and prospective service providers, while vendors use the SIG to respond to these same customers. In this way, the SIG Questionnaire creates a common […]

This is the executive summary for the paper: Third Party Onsite Assessment Best Practices: Practitioner Guide. Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing […]

Onsite assessment is an escalation of due diligence processes conducted to gain greater in-depth validation—where warranted—at any point in the risk management process across the third party relationship lifecycle. This deep dive provides the foundation for planning and executing assessments in a consistent, documented, logical, and transparent manner to carry out an efficient onsite engagement. […]

Reputation is the currency by which organizations work and survive. Organizations that build and maintain positive reputations gain competitive advantage and credibility. Our newest briefing paper offers practical guidance for managing reputation risk by providing a TRPM Reputation Risk Framework which includes practices for Governance, Due Diligence, and Incident Management and Reporting. The principles offered […]

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 2: Supplier/Vendor Contracts describes contracts as being fundamental in identifying, selecting, mitigating, and minimizing exposures and risks when outsourcing. Knowing the associated risks a vendor poses to the organization – and putting controls in […]

This series affirms the value of having Third-Party Risk Management (TPRM) and Procurement/Sourcing actively engaged as partners in vendor management. Part 1: Supplier/Vendor Lifecycle explores the benefits of business units sharing responsibility for vetting, onboarding, monitoring, renewing, and terminating vendors, detailing activities for Procurement and Risk Management within each lifecycle phase.

This paper provides process and program guidance on meaningful, incremental improvements for organizations of all sizes, whether operating locally or globally. The content is designed for both beginning and seasoned security and TPRM practitioners, with an introduction to help inform C-Suite and Board discussions to determine what is at risk; how to manage those risks; […]

In our 2023 Third-Party Risk management Product Suite, we have 131 questions that cover Environmental, Social, Governance (ESG) within the Standardized Information Gathering (SIG) Questionnaire. ESG is now its own risk domain which allows users to scope an ESG-specific SIG. You will be able to complete a SIG for your organization and you can use […]