vendor-risk-management
Safeguard articles tagged "vendor-risk-management" — guides, analysis, and best practices for software supply chain and application security.
29 articles
CCPA/CPRA compliance overview for businesses
A practical breakdown of CCPA/CPRA compliance requirements, thresholds, penalties, and 2026 audit rules — and why software supply chain visibility is core to "reasonable security."
Enterprise GRC vs point compliance tools: what's the diff...
Compliance automation tools like Drata optimize for audit prep. Enterprise GRC runs risk, vendor, and software supply chain programs continuously. Here's the real difference.
What is Vendor Risk Management
Vendor risk management now means tracking code-level supply chain risk, not just SOC 2 reports—here's what it covers, how to tier vendors, and what regulations require it.
GLBA Safeguards Rule requirements for software vendor ris...
What the FTC's GLBA Safeguards Rule requires for vendor risk management: contract terms, assessment frequency, and liability when a vendor fails.
Securing electronic health record (EHR) software supply c...
How the Change Healthcare breach, weak EHR vendor risk management, and exposed HL7 FHIR APIs turned healthcare's software supply chain into its biggest security gap.
Third-party risk management for telehealth platforms
A six-step playbook for telehealth vendor risk management: inventory PHI flows, tier HIPAA business associate risk, run SCA on vendor SDKs, and monitor continuously.
How to conduct a software supply chain risk assessment fo...
A step-by-step guide for insurance carriers to assess software supply chain risk in vendor portfolios, from SBOM collection to continuous monitoring.
Software supply chain security for telecom network infras...
Why telecom network software supply chain security demands continuous SBOMs and vendor risk oversight — from 5G base stations to core networks — and how carriers are closing the gap.
Third-party risk management for telecom equipment vendors
A practical playbook for vetting telecom equipment vendors: supply chain checks, hardware/software audits, and procurement security controls.
Software supply chain security for e-commerce platforms
Real breaches show how plugins, vendor scripts, and headless stacks put online stores at risk — and how to detect supply chain attacks before customers do.
Securing the retail point-of-sale (POS) software supply c...
BlackPOS hit 40M Target cards in 2013. See how retail POS software supply chain security stops firmware tampering, malware, and vendor risk today.
Third-party risk management for retail supply chain and l...
A practical, step-by-step framework for assessing and monitoring retail logistics software vendor risk, from SaaS onboarding to inventory system offboarding.