by Jeremy Sporn | Sep 28, 2020 | Vendor Due Diligence
When it comes to vendor due diligence, I often see organizations make the mistake of overlooking one key aspect. Most vendor risk management programs and practitioners focus on the vendor risks – the risks that...
by Jeremy Sporn | Sep 25, 2020 | Third Party Risk Management
Managing vendor risk isn’t easy. Often it’s time-consuming and expensive, and diverts scarce resources from other critical tasks. As a result, many companies have ad hoc, inconsistent or weak vendor due diligence programs....
by Jeremy Sporn | Sep 15, 2020 | ISO 27001 Certification
Getting an ISO 27001 certificate from a vendor is an overarching statement that, yes, they have an information security management system (ISMS) that meets the requirements of the ISO 27001 standard. But what is the scope of...
by Jeremy Sporn | Aug 20, 2020 | Third Party Risk Management
The so-called “iron triangle” of project management states that you can make something better, faster OR cheaper—pick any two. But you can never have all three. Making it cheaper makes it less good, making it happen faster increases...
by Jeremy Sporn | May 13, 2020 | Third Party Risk Management
The Shared Assessments Program offers multiple tools to assess third-party information security risk. Probably the best-known of these tools is the Standardized Information Gathering (SIG) questionnaire. A growing number of...