third-party-risk
Safeguard articles tagged "third-party-risk" — guides, analysis, and best practices for software supply chain and application security.
54 articles
Introducing Safeguard TPRM: Evidence-Based Third-Party Risk Management
Safeguard's new TPRM module replaces vendor questionnaires with SBOM-driven, continuous third-party risk assessment.
NIST SP 800-161 Rev. 2 Third-Party Risk 2026
NIST SP 800-161 Rev. 2 reshapes cyber supply chain risk management for federal contractors and commercial buyers. Here is what engineers must operationalize.
Automating Third-Party Risk Assessment: Moving Beyond Spreadsheets and Questionnaires
Why manual vendor risk assessments are failing, and how automation is reshaping third-party risk management for software supply chains.
Third-Party Risk Assessment Automation Playbook for 2026
A practical playbook for automating TPRM in 2026: what signals to ingest, where humans still matter, and how to turn vendor questionnaires into continuous monitoring.
What is Vendor Risk Management
Vendor risk management now means tracking code-level supply chain risk, not just SOC 2 reports—here's what it covers, how to tier vendors, and what regulations require it.
Synnovis NHS Qilin Ransomware: Pathology Supply Chain Lessons
Eighteen months after Qilin encrypted Synnovis, the pathology provider finally finished notifying NHS trusts. We unpack how a single supplier paralysed London hospitals and how defenders can prepare.
Software bill of materials expectations from banking regu...
FFIEC and OCC examiners now expect banks to show software transparency. Here's what SBOM banking regulators actually ask for, and how to be ready before the next exam.
Software supply chain risk in cryptocurrency exchange and...
How compromised wallet SDKs, smart contract dependencies, and stale third-party audits are driving nine-figure crypto exchange breaches like Bybit and Ledger.
GLBA Safeguards Rule requirements for software vendor ris...
What the FTC's GLBA Safeguards Rule requires for vendor risk management: contract terms, assessment frequency, and liability when a vendor fails.
HIPAA compliance and software composition analysis for he...
HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.
Third-party risk assessment for insurtech SaaS platforms
A practical playbook for running an insurtech third-party risk assessment across vendors, APIs, and integrations before they touch policyholder data.
Third-party risk management for retail supply chain and l...
A practical, step-by-step framework for assessing and monitoring retail logistics software vendor risk, from SaaS onboarding to inventory system offboarding.