risk-assessment
Safeguard articles tagged "risk-assessment" — guides, analysis, and best practices for software supply chain and application security.
13 articles
ISO 27001 risk assessment methodology
A practical breakdown of the ISO 27001 risk assessment methodology under the 2022 revision, where GRC platforms like Vanta fall short, and how to build a register that survives Stage 2 audits.
HIPAA compliance requirements for covered entities
What covered entities actually need under HIPAA's Privacy, Security, and Breach Notification Rules—and why compliance dashboards alone won't satisfy an OCR audit.
ISO 27001 risk assessment: how to conduct one
A practical walkthrough of how to run an ISO 27001 risk assessment—scoping, scoring, Annex A mapping, and why supply chain controls need real evidence, not questionnaires.
Software Supply Chain Legal Risk Assessment Template 2026
A working template for legal and security teams to assess software supply chain risk against contractual, regulatory, and licensing exposure in 2026.
SBOM Enrichment and Vulnerability Correlation: Turning Inventory into Intelligence
A raw SBOM is a parts list. An enriched SBOM is a risk assessment. Here's how to bridge the gap.
Security Posture Assessment: A Step-by-Step Method
A security posture assessment turns 'are we secure?' into a measured, repeatable answer. Here is a six-phase method — from asset inventory to a scored, prioritized gap list you can act on.
Product Security Assessments: What They Actually Cover
A product security assessment looks at more than code, it evaluates the whole shipped product: architecture, dependencies, deployment configuration, and the data it touches.
Third-Party Risk Management for Software Vendors
A practical TPRM program for software vendors covering intake, tiering, annual review, SBOM ingestion, and continuous monitoring with staffing ratios and budgets.
Insurance Industry Software Risk Assessment and Supply Chain Security
Insurers manage massive amounts of sensitive data through complex software systems. Here's how the insurance industry should approach software supply chain risk.
Open Source Dependency Health Metrics That Actually Matter
Star counts and download numbers tell you popularity, not health. The metrics that predict dependency risk are harder to measure and more important to track.
Threat Modeling the Software Supply Chain
Traditional threat modeling focuses on your code. Supply chain threat modeling extends to every tool, dependency, and process that touches your software. Here is how to do it systematically.
Security Impact Analysis for Dependency Updates
Updating a dependency is not just a version bump. Here is how to assess the security impact of dependency changes before they reach production.