Blog tag

Third-Party & Vendor Risk

Articles from the SimpleRisk blog tagged Third-Party & Vendor Risk: governance, risk management, and compliance insights.

European Regulation Is an Ecosystem, Not a Checklist

European Regulation Is an Ecosystem, Not a Checklist

GDPR, NIS2, DORA, and the EU AI Act are not separate projects. They overlap on the same data, systems, and vendors, and treating them as one connected system beats a drawer full of checklists.
Navigating third-party risks with proper governance

Navigating Third-Party Risk with Robust Governance

Robust governance provides a sustainable way to mitigate third-party and supply-chain risk by establishing clear ownership, accountability, and transparency across all of the organization's vendor and partner relationships.
Chaotic Assessments to Third-Party Risk Calm

From 16 Vendor RFIs to One Assessment

Tired of juggling 16 separate vendor RFIs every year? Discover how SimpleRisk transformed one client’s chaotic third-party assessments into a single, streamlined process.

Risk puzzle pieces containing IT Risk, Supply Chain Risk and Operational Risk

Why 2025 Needs One Complete Risk Assessment

Your IT, supply chain, and operations teams may all see the same risks—but they don’t measure them the same way. That gap could be the biggest security vulnerability in your organization today.

A cybersecurity analyst is reviewing a vendor risk assessment on a laptop screen

Third-Party Risk Lessons from the Rock Face

Choosing the right third-party vendors is a lot like picking a reliable climbing partner—technical skills matter, but alignment in risk mindset is just as crucial. Learn how a harrowing descent from a multi-pitch climb revealed key lessons in risk management, trust, and the value of security certifications.

ISO 27001 Compliance in 18 Months

ISO 27001 Compliance in 18 Months

When a lost deal with the world’s largest healthcare company revealed a critical gap in SimpleRisk’s compliance posture, it set us on an 18-month journey to achieve ISO 27001 certification. From assessing our maturity and closing governance gaps to leveraging AI and tackling a rigorous third-party audit, we turned a challenge into an opportunity to enhance our operations and platform.

CIS Critical Security Controls

Using the CIS Critical Security Controls with SimpleRisk

We are frequently asked about using the CIS Critical Security Controls in SimpleRisk.  In this blog post you will learn about the different ways you can use their controls with our platform.

Putting the pieces together for an effective GRC program

8 Simple Ways to Effectively Launch Your GRC Program

Learn the 8 fundamentals we recommend to establish an effective Enterprise Risk Management process from the ground up, which will set the stage for a successful GRC program rollout.

An attacker assessing your third-party risk

The Right and Wrong Way to Assess Third-Party Risk

In this post, SimpleRisk's Founder and CEO walks us through the different approaches to assessing and managing third-party risks.

A person manually responding to a questionnaire instead of using risk assessments

Responding to Inbound Risk Assessments with SimpleRisk

Learn how to use our Risk Assessment Extra to manage inbound assessments within SimpleRisk. Create a repeatable process without purchasing a separate tool.

Keeping things simple b y using the Secure Controls Framework in SimpleRisk

Using the ISO 27001 Control Framework with SimpleRisk

ISO 27001 has become the most requested framework to use within SimpleRisk.  In this blog post you will learn about the different ways you can use their controls with our platform.

People celebrating together about the ease of using a Common Control Framework

The Benefits of a Common Control Framework for GRC

Struggling with managing compliance across multiple different control frameworks?  Learn how a common control framework can help you to simplify your compliance, saving you time and money.

Understanding the basic principles of governance

Governance 101: Back to Basics

Let’s go back to the basics and talk about what governance is and how you can use it to ensure that the information that reaches your executive team and other key stakeholders is complete, accurate and timely.

Understanding the basics of compliance

Compliance 101: Back to Basics

Let’s go back to the basics and break down what enterprise compliance is and how you can use it to ensure your organization is conforming with its stated requirements.

Frustrated CISO because his integrated risk management isn't very integrated

These CISOs GRC is Failing Them And I Know Why

Today I attended a CISO roundtable where a number of the attendees talked about their GRC platforms that have taken over a year to "connect all the wires" and they're still in the process of implementing. I know why their GRCs are failing them and there is a better way.
Ensuring customer success without the need for professional services

Why SimpleRisk Doesn’t Require Professional Services

This blog details how our approach varies from that of our competitor’s and how we ensure customer success without including professional services in our pricing model.

Understanding the basics of risk management

Risk Management 101: Back to Basics

Let’s go back to the basics and break down what enterprise risk management is and how you can use it to mitigate the risks that threaten your organization.

The Dialed In Podcast with Kyle Burt

Josh Sokol Featured on the 'Dialed In' Podcast

I joined Kyle Burt's "Dialed In" podcast to discuss cybersecurity topics like Bluekeep, career paths, and improving personal security. Missed it live? Watch the replay for an hour of insights and tips!

Risk Assessments with SimpleRisk

How to Perform Risk Assessments (with SimpleRisk)

Curious about how SimpleRisk simplifies internal and third-party risk assessments? Check out this quick 1-minute animated video showcasing our key capabilities in action!

Assessing Vendor Security Risks

Assessing Vendor Security Risks (with SimpleRisk)

Struggling to streamline vendor security assessments? Discover how the SimpleRisk Risk Assessment Extra transforms a complex process into a seamless experience, saving time while keeping your organization secure!

Pricing Integrity

Pricing Integrity and Why We Won't Play the Pricing Games

At SimpleRisk, we believe in transparent pricing and cutting out the games vendors play with discounts. Our goal is to provide affordable, straightforward risk management solutions so you can focus on what matters—managing your risks, not negotiating prices.