SANTA FE, N.M., June 21, 2017 /PRNewswire/ -- The Shared Assessments Program announces the release of two new program resources:
- Evaluating Cloud Risk for the Enterprise: An Updated Shared Assessments Guide; and
- The companion Assessment of Public Cloud Computing Vendors best practices white paper.
These resources have been developed to address the unique concerns and emerging best practice solutions for outsourcers around security and controls for cloud vendor use. Included are practical recommendations, questions to discuss with cloud providers, and lessons learned for control domains that are cloud-related.
"Cloud is quickly becoming the de facto industry model for providing computing services. The Evaluating Cloud Risk for the Enterprise white paper enables enterprise organizations to build a cloud strategy and a scalable assessment program to manage their numerous cloud vendors," says Niall Browne, SVP Trust & Security, CSO at Domo, and Shared Assessments Program chair of the Enterprise white paper committee.
The recommendations provided may be used in conjunction with Shared Assessments Program Tools and resources, or may be selected and incorporated into other types of audits or assessments of environments containing cloud elements, such as the AICPA Service Organization Control (SOC) or Statements on Standards for Attestation Engagements (SSAE).
Using these resources, risk professionals at all levels can gain a greater understanding of key issues as they plan and implement management programs for their own computing services and other critical enterprise functions in the cloud:
- In developing a comprehensive plan for evaluating, risk ranking and cost-effectively selecting cloud providers and solutions.
- With the goal of enabling successful deployment and integration across departments and lines of business.
The benefits of applying these best practices to support critical enterprise activities include:
- Improving ability to detect and respond to cyber-related events.
- Improving accountability in down-chain providers.
- Increasing the probability that regulatory compliance will be better documented.
- Improving event investigations outcomes for continuous improvement efforts.
The updated Guide and companion paper are based on the combined experience of the hundreds of Shared Assessments members and peer organizations across all verticals who have successfully integrated cloud computing into their operations. We extend special thanks to the members of the Steering Committee who served as leads for the development of these two valuable program resources: Niall Browne, SVP Trust & Security, CSO, Domo for Evaluating Cloud Risk for the Enterprise, and Shawn Malone, Founder & CEO, Security Diligence, LLC for Assessment of Public Cloud Computing Vendors.
For more information, visit: http://sharedassessments.org/understanding-evaluating-cloud-use-enterprise-wide/
About the Shared Assessments Program
The Shared Assessments Program is the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market that make robust third party risk management affordable, and has done so for more than a decade. Shared Assessments members are national and international organizations of all sizes that understand the importance of comprehensive standards for managing risk. Member-driven development of program resources helps organizations to effectively manage the critical components of the third party risk management lifecycle by creating efficiencies for conducting rigorous assessments of controls for cybersecurity, IT, privacy, data security and business resiliency. The Shared Assessments Program is managed by The Santa Fe Group, a strategic advisory company based in Santa Fe, New Mexico.
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/enterprise-cloud-risk-guide--assessment-best-practices-300477144.html
SOURCE The Santa Fe Group, Shared Assessments Program