Third-Party and Vendor Risk News

PowerSchool Data Breach: Lessons for GRC Leaders about the Newest Third-Party Risks

The PowerSchool data breach has become a defining example of third-party risk failure in education and EdTech. It's a harsh wake-up call for ethics, Governance, Risk, and Compliance (GRC) teams. What Caused This Data Breach? On December 28, 2024, PowerSchool confirmed a compromised credential had been used to access its PowerSource customer portal—a system that supports school staff across 17,000 districts and serves over 55 ...

Third-Party Risk Management for Stronger Compliance Security

Third-party risk management software introduces significant risks. If business operations are a house, vendors and third-party providers are the bricks holding it up. Exposing your valuable and highly confidential information to another company ups the ante for everything from cybersecurity threats to regulatory violations to operational disruptions and reputational damage. Done wrong, everything comes crashing down to the ground. When information is no longer in ...

Why Your Business Needs Third-Party Compliance Training

Third-party compliance training (or a lack thereof) has been hitting the mainstream media headlines, given our increasingly interconnected world. Case in point? When Equifax experienced one of the largest data breaches in history, it wasn’t their own security systems that failed—it was a vulnerability in a third-party software vendor¹. The result? Personal data for nearly 150 million people was exposed, leading to a $425 million ...

March 2nd, 2025 | Ethics & Compliance Learning, Third-Party and Vendor Risk

Holiday Cheer or Ethical Fear? How to Manage Corporate Gift-Giving

Corporate gift-giving can spark compliance challenges if not done ethically. Corporate policies must consider variables, such as: What kind of gift? What is its value? What are the cultural expectations around this gift? What is the context in which the gift is exchanged? Can this gift be considered a bribe? Has it been gifted to carry a weight of expectation? Or is it merely a ...

The German Supply Chain Act

Building your data-driven approach to risk analysis. As of January 1, 2024, the German Supply Chain Act (LKSG), governed by the Federal Office for Economic Affairs and Export Control, mandates that companies in Germany with over 1,000 employees comply with obligations aimed at ensuring responsible supply chain management. With more organisations than ever feeling the pressure, leveraging data is the greatest way to identify, assess ...

Practical Strategies for Managing Your Third-Party Vendor Risk

In today's business landscape, companies rely on a network of vendors to deliver essential services. This dependence on third-party service providers spans various industries, including finance. Outsourcing tasks to these providers allows firms to leverage specialized skills, cutting-edge technologies, and gain operational efficiencies. However, with this reliance comes increased risk. Adversaries are targeting easier pathways into organizations, often exploiting vulnerabilities in third-party relationships. As businesses ...

How to Prepare for the German Corporate Due Diligence Obligations in Supply Chains Act

As global supply chains become increasingly scrutinized, understanding and meeting the German Corporate Due Diligence Obligations in Supply Chains Act (CDDOSC) is more critical than ever. By complying, businesses not only adhere to legal requirements but also build a resilient, ethical, and competitive presence in the global market. In this eBook we break down how organizations operating in Germany should approach their responsibilities regarding human ...

The Modern Approach to Global Conflicts of Interest

With organizations always looking to scale, the interactions between staff, vendors, and deals become multifaceted. These interactions pose a significant risk due to potential unethical decision-making when conflicts of interest arise. To mitigate these risks, organizations are expected to have robust policies in place that cultivate trust and transparency for stakeholders. Failing to do so can have vast repercussions when it comes to reputation, integrity, ...

Watch our GRC Webinar: Benchmark Results and Best Practices

Your stakeholders are increasingly inquiring about what your organization is doing in terms of ESG, Ethics, Risk, Cybersecurity and Assurance. It is imperative to mature your GRC function and to truly understand what a mature GRC function looks like in terms of methodologies, ways of working, and level of integration between your second and third line of defense (compliance and risk). Register below to watch ...

Watch The Board Just Asked You “What’s our ESG Strategy?”…Now What? (Video)

In this webinar we discuss the fundamental steps you can take to implement an effective ESG program. Our speakers Jon Bricker from SAI360 and Kevin Sasser from Argos Risk discuss the following questions: How can professionals in the field of environmental and corporate governance effectively navigate their careers in the modern era of ESG? What strategies can be employed to shape the priorities of board ...

November 16th, 2023 | Ethics & Compliance Learning, SAI360, Third-Party and Vendor Risk