SANTA FE, N.M., March 14, 2017 /PRNewswire/ -- The Shared Assessments Program is the only organization that has uniquely positioned and developed standardized resources to bring efficiencies to the market that make robust third party risk management affordable, and has done so for more than a decade. Such standardization is critical to the advancement of effective, secure third party controls and risk management in an otherwise fractured market. As part of our 2017 initiative, we're formalizing the Shared Assessments Third Party Risk Management Framework. This agnostic and holistic framework will be freely available and will further raise the bar for all organizations that want to achieve rigorous third party controls for cybersecurity, IT, privacy, data security and business resiliency and the current threat environment.
The Challenge: Third and fourth party risk management, as well as risks posed by new, transformative technologies (IoT, Fintech, etc.), are increasingly on the agenda at the Board and C-Suite levels.
Third party risk now extends beyond regulated industries to all outsourcers and verticals:
The 2016 Data Breach Investigations Report shows new sectors have joined the financial sector in high frequency of cyberattacks, notably Gaming, Information Technology and IT services, Public Entities, Professional Services and Healthcare.
Outsourcing and emerging technology open up strategic, financial, quality and business resiliency risks; each with the potential to affect the outsourcer's compliance posture, services integrity and, ultimately, the organization's reputation and market position. In addition, the proliferation of unstandardized questionnaires and processes further complicates advancement of vigorous third party controls and risk management. Success within this evolving third party landscape means establishing and consistently employing best practices in the field.
Solution Building: Shared Assessments is founded on an unequalled, cross industry knowledge base and has become a standard for more efficient and less costly means of conducting rigorous assessments of controls for cybersecurity, IT, privacy, data security and business resiliency.
Our resources are developed by members and powered by the experienced thought leaders at The Santa Fe Group, who work collaboratively:
Raising awareness about third party risk issues;
Bringing best practices to light for our members and for the larger community;
Providing resources with the efficiencies that only standardization of third party risk tools and processes can achieve; and
Providing training and skills certification that holistically address the key elements of a solid third party risk management program.
The Shared Assessments Program's 2017 Strategic Risk Management Initiative: This initiative addresses the needs of the business community through:
Third Party Risk Management Framework: Shared Assessments was the first to articulate a framework that embodies a 'trust, but verify' approach. We are taking this to a new level in our end-to-end process framework unique to the third and fourth party risk management landscape, which will be available to all and relevant to both beginner and advanced practitioners.
Research and Publications: Expansion of member committees to capture and disseminate best practices and expand the learnings of the marketplace.
Awareness Groups: Building off the tried and true Best Practices and Regulatory Compliance Awareness Groups, 2017 sees the creation of vertical strategy groups that examine unique, industry-specific third party risk needs.
Certification and Leadership Group Training: Expansion of the Certified Third Party Risk Professional (CTPRP) program, with online training and testing availability. A new Certified Third Party Risk Assessor (CTPRA) training is being developed that will explore the deeper level of understanding of risk controls required for an assessor.
Up-to-Date Third Party Risk Management Program Tools: Our member-led development committees ensure these tools are current and aligned with regulations, industry standards and guidelines:
The Vendor Risk Management Maturity Model (VRMMM) is now provided FREE, allowing organizations to evaluate their program against a comprehensive set of best practices.
The Standardized Information Gathering (SIG) questionnaire provides the most comprehensive and only standardized third party risk questionnaire in the industry. As outsourcer needs and third party relationships differ, Shared Assessments is creating enhanced, automated SIG scoping capabilities to fit specific risk needs.
The Standardized Control Assessment (SCA) procedures (formerly the Agreed Upon Procedures – AUP) are being renamed to better reflect the Tool's purpose and role as a validation methodology. Standards are being developed to guide assessors in the use of the SCA to ensure assessors using the SCA meet appropriate qualifications and quality assurance checks.
Increased International Third Party Risk Involvement: Shared Assessments is responding to increased requests for guidance from businesses that operate globally, including those headquartered in the US that operate in the UK and APAC (Asia-Pacific) markets. This response includes convening roundtables, summit participation and publications, and inclusion of more international players to increase the knowledge base in this area.
The Shared Assessments Program is managed by The Santa Fe Group (www.santa-fe-group.com), a strategic advisory company providing unparalleled expertise to critical infrastructure organizations. The core of The Santa Fe Group's belief system is that, despite how complicated the world of commerce might be, business can—and should—be a good citizen. We help organizations determine core values, make meaningful connections, facilitate collaboration and effect change. For more information on Shared Assessments, please visit: http://www.sharedassessments.org.
MEDIA CONTACT: Marya Roddis, Vice President of Communications. Direct Line: 575-235-8228. Messages: 505-466-6434.
SOURCE The Santa Fe Group, Shared Assessments Program