Safeguard
Tag

third-party-risk

Safeguard articles tagged "third-party-risk" — guides, analysis, and best practices for software supply chain and application security.

54 articles

Product

Introducing Safeguard TPRM: Evidence-Based Third-Party Risk Management

Safeguard's new TPRM module replaces vendor questionnaires with SBOM-driven, continuous third-party risk assessment.

Mar 22, 20267 min read
Compliance

NIST SP 800-161 Rev. 2 Third-Party Risk 2026

NIST SP 800-161 Rev. 2 reshapes cyber supply chain risk management for federal contractors and commercial buyers. Here is what engineers must operationalize.

Mar 17, 20267 min read
Best Practices

Automating Third-Party Risk Assessment: Moving Beyond Spreadsheets and Questionnaires

Why manual vendor risk assessments are failing, and how automation is reshaping third-party risk management for software supply chains.

Mar 12, 20267 min read
Compliance

Third-Party Risk Assessment Automation Playbook for 2026

A practical playbook for automating TPRM in 2026: what signals to ingest, where humans still matter, and how to turn vendor questionnaires into continuous monitoring.

Mar 10, 20265 min read
Compliance

What is Vendor Risk Management

Vendor risk management now means tracking code-level supply chain risk, not just SOC 2 reports—here's what it covers, how to tier vendors, and what regulations require it.

Jan 29, 20267 min read
Incident Analysis

Synnovis NHS Qilin Ransomware: Pathology Supply Chain Lessons

Eighteen months after Qilin encrypted Synnovis, the pathology provider finally finished notifying NHS trusts. We unpack how a single supplier paralysed London hospitals and how defenders can prepare.

Jan 9, 20267 min read
SBOM & Compliance

Software bill of materials expectations from banking regu...

FFIEC and OCC examiners now expect banks to show software transparency. Here's what SBOM banking regulators actually ask for, and how to be ready before the next exam.

Jan 4, 20267 min read
Software Supply Chain Security

Software supply chain risk in cryptocurrency exchange and...

How compromised wallet SDKs, smart contract dependencies, and stale third-party audits are driving nine-figure crypto exchange breaches like Bybit and Ledger.

Jan 3, 20267 min read
Regulatory Compliance

GLBA Safeguards Rule requirements for software vendor ris...

What the FTC's GLBA Safeguards Rule requires for vendor risk management: contract terms, assessment frequency, and liability when a vendor fails.

Jan 3, 20268 min read
Regulatory Compliance

HIPAA compliance and software composition analysis for he...

HIPAA doesn't name software composition analysis, but auditors increasingly expect it. Here's how healthcare teams use SCA to manage third-party risk and protect ePHI.

Jan 2, 20267 min read
Industry Analysis

Third-party risk assessment for insurtech SaaS platforms

A practical playbook for running an insurtech third-party risk assessment across vendors, APIs, and integrations before they touch policyholder data.

Dec 31, 20258 min read
Software Supply Chain Security

Third-party risk management for retail supply chain and l...

A practical, step-by-step framework for assessing and monitoring retail logistics software vendor risk, from SaaS onboarding to inventory system offboarding.

Dec 23, 20258 min read
third-party-risk (Page 3) — Safeguard Blog