News and Updates

By now, anyone in the US Department of Defense supply chain should know about the new Cybersecurity Maturity Model Certification (CMMC). Knowing what to do about it is something else.

The goal of CMMC is to utilize five maturity levels, ranging from Basic Cyber Hygiene to Advanced/Progressive cyber practices, to ensure information protection in the defense...

Sending countless emails? Making unnecessary phone calls? If you’re tired of chasing vendors to submit your security assessment questionnaire, we hear you. Anyone tasked with leading or executing a vendor risk management program knows the administrative aspects can be a heavy lift. In most cases, it’s up to 80% of the workload!

Regardless, it’s a critical...

The sheer volume of third parties and suppliers that corporations now engage has manifested an unduly complex system of vendor security assessments. Additionally, more stakeholders, especially Senior Management and Boards, require insight into the risks and vulnerabilities that come from using outside suppliers. With different performance demands, varying...

SIG Integration Reduces Time-to-Value For Enterprises and Their Vendors

Privva, a leading third-party risk management platform, announced it has extended its relationship with Shared Assessments to offer the Shared Assessments Standard Information Gathering (SIG) questionnaire to include the 2020 version. Privva makes vendor risk management easy, utilizing...

ARLINGTON, VA - 10/14/2019 (PRDistribution.com)

Industry Experts Join Privva’s Advisory Board 

Privva is delighted to announce the formation of our new Advisory Board. This board will help shape and guide the strategy of the Privva third-party risk management platform. 

"I am excited to welcome Joanne and Lonny to the Privva team.

Their expertise w...

Introducing Privva Courses - Sign up for Privva's "How to Build a Top-Tier Vendor Risk Assessment Program" — a 7-day e-mail based course on how jumpstart your third-party risk assessment program, with guides and perspectives from our experienced risk assessment team

Third-party risk management is becoming standard operating procedure across many organizati...

Privva is excited to announce we are now offering The Higher Education Cloud Vendor Assessment Tool (HECVAT) on our platform.  This content is helping Higher Education institutions simplify the process of assessing their vendors.

The HECVAT was created by the Higher Education Information Security Council (HEISC) Shared Assessments Working Group, in collabo...

A recent Ponemon study found that only 34% of companies maintain a comprehensive list of their vendors. 69% of the participants in the study blamed “a lack of centralized control” as the key factor as to why a comprehensive inventory had not been created.

Security departments must take a leading role in these situations in order to effectively manage the r...

Electric Utility Sector Third Party Risk: FERC Order No. 850

As of December 2018, new supply chain risk management reliability standards (Order No. 850) issued by the Federal Energy Regulation Commission (FERC) went into effect.

Going forward, electric utilities must assess their vendors during planning and procurement to confirm adequate security posture a...