Safeguard
Tag

risk-assessment

Safeguard articles tagged "risk-assessment" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Regulatory Compliance

ISO 27001 risk assessment methodology

A practical breakdown of the ISO 27001 risk assessment methodology under the 2022 revision, where GRC platforms like Vanta fall short, and how to build a register that survives Stage 2 audits.

Mar 20, 20268 min read
Regulatory Compliance

HIPAA compliance requirements for covered entities

What covered entities actually need under HIPAA's Privacy, Security, and Breach Notification Rules—and why compliance dashboards alone won't satisfy an OCR audit.

Mar 20, 20266 min read
Regulatory Compliance

ISO 27001 risk assessment: how to conduct one

A practical walkthrough of how to run an ISO 27001 risk assessment—scoping, scoring, Annex A mapping, and why supply chain controls need real evidence, not questionnaires.

Mar 10, 20267 min read
Software Supply Chain Security

Software Supply Chain Legal Risk Assessment Template 2026

A working template for legal and security teams to assess software supply chain risk against contractual, regulatory, and licensing exposure in 2026.

Mar 9, 20266 min read
SBOM

SBOM Enrichment and Vulnerability Correlation: Turning Inventory into Intelligence

A raw SBOM is a parts list. An enriched SBOM is a risk assessment. Here's how to bridge the gap.

Feb 8, 20266 min read
SecOps

Security Posture Assessment: A Step-by-Step Method

A security posture assessment turns 'are we secure?' into a measured, repeatable answer. Here is a six-phase method — from asset inventory to a scored, prioritized gap list you can act on.

Jan 28, 20266 min read
SecOps

Product Security Assessments: What They Actually Cover

A product security assessment looks at more than code, it evaluates the whole shipped product: architecture, dependencies, deployment configuration, and the data it touches.

Jan 22, 20265 min read
Best Practices

Third-Party Risk Management for Software Vendors

A practical TPRM program for software vendors covering intake, tiering, annual review, SBOM ingestion, and continuous monitoring with staffing ratios and budgets.

May 7, 20246 min read
Industry Guides

Insurance Industry Software Risk Assessment and Supply Chain Security

Insurers manage massive amounts of sensitive data through complex software systems. Here's how the insurance industry should approach software supply chain risk.

Apr 18, 20247 min read
Open Source Security

Open Source Dependency Health Metrics That Actually Matter

Star counts and download numbers tell you popularity, not health. The metrics that predict dependency risk are harder to measure and more important to track.

Dec 5, 20236 min read
Threat Modeling

Threat Modeling the Software Supply Chain

Traditional threat modeling focuses on your code. Supply chain threat modeling extends to every tool, dependency, and process that touches your software. Here is how to do it systematically.

Mar 22, 20238 min read
Dependency Management

Security Impact Analysis for Dependency Updates

Updating a dependency is not just a version bump. Here is how to assess the security impact of dependency changes before they reach production.

Oct 25, 20226 min read
risk-assessment — Safeguard Blog