Thomas Humphreys

Prevalent Compliance Expert

Published Work

SEC Cybersecurity Disclosure Rules: 9 Key Questions to Ask Third Parties

Ask your vendors and suppliers about their cybersecurity risk management, governance, and incident disclosure processes to...

10/24/2024 by Thomas Humphreys
Third-Party Risk Management Frameworks: An Overview

No single approach is ideal for every organization, but some commonly used frameworks serve as a...

08/19/2024 by Thomas Humphreys
How CIOs can ease the generative AI transition for developers

Software developers require clear goals, training and open communication as the technology becomes part of work...

06/17/2024
How to Use SOC 2 Reports from Vendors and Suppliers

SOC 2 reports can simplify your third-party risk management program. Here are 7 FAQs to get you started!

04/10/2024 by Thomas Humphreys
The Standard Information Gathering (SIG) Questionnaire Explained

Learn about the SIG Core and SIG Lite assessments and how you can use them to...

12/20/2023 by Thomas Humphreys
SIG 2024: Key Updates and Considerations

Uncover key changes in the Standard Information Gathering (SIG) Questionnaire for 2024 and learn what these...

11/20/2023 by Thomas Humphreys
SIG 2023: What's New in the Latest Update

Discover key changes in the Standard Information Gathering (SIG) Questionnaire, and learn how they can be...

11/29/2022 by Thomas Humphreys
15 Critical NIST 800-53 Controls for Supply Chain Risk Management

Sorting through thousands of NIST security controls can be time-consuming. Use this guidance to focus on...

03/17/2022 by Thomas Humphreys
SIG 2022: What’s New and How to Benefit

Updates to the Standard Information Gathering Questionnaire (SIG) include simplified questions, additional control mappings, and new...

12/01/2021 by Thomas Humphreys