News and Updates

Privva Announces Launch of Privva Ascent Maturity Model (PAMM) in Partnership with Shared Assessments

ARLINGTON, August 26, 2020 – Privva, the leading third-party risk management platform, and the Shared Assessments Program, authorities in risk management, announced today the launch of the Privva Ascent Maturity Model (PAMM), an industry-leading solution allowing organizations to evaluate the maturity level of their TPRM program. The PAMM is based on the Shared Assessments’ Vendor Risk Management Maturity Model (VRMMM), a risk management standard used by thousands of organizations to evaluate their program against a comprehensive set of best practices and industry benchmarks. Privva brings a cloud-based format to this essential benchmarking, allowing organizations to set goals and meet the sta

Lost in Translation: Rediscovering the Importance of Communications in Managing Third-party Cyber Ri

Every time a high-profile data breach is pinned on third-party cyber risk, it understandably sends a jolt through the offices of IT leaders, risk managers and C-level executives, as these leaders reflexively worry about whether their data or customers will be compromised in this way next. From the “BlueLeaks” exposure of law enforcement agencies to T-Mobile’s most recent breach notification and a reported ransomware attack at precision manufacturer Visser, supplier to Boeing, SpaceX and Tesla, the headlines are relentless and can make leaders feel like they could be blindsided with a business or reputational crisis at any moment. Cybersecurity and compliance professionals frequently look first to securi

Do Not Ignore: Three Critical Triggers for Third-Party Reassessment

Third-party risk assessment is an essential component of any comprehensive cybersecurity strategy. By now, the majority of customer organizations employ some sort of risk assessment prior to or as part of onboarding. But it’s not one and done—a mature risk assessment program should never be static. While many companies follow a standard schedule that can vary by organization, we also see clients categorize their third parties according to the criticality to their business and use that as the main driver of their assessment schedule:

RISK TIER 1 (Mission Critical) – Assess annually or more frequently as preferred
RISK TIER 2 (High Critical) – Assess every 18 months or more frequently
RISK TIE