Setting the Standards for Vendor Assessments

  • The world’s most comprehensive standards for
    evaluating vendor risk
  • Ready-to-use tools for GRC and ERM solutions
    and IT vendor risk management software
  • Includes SOX, ISO 27001:27005, FFIEC, NYSE,
    GLBA, HIPAA and more
  • More thorough than SOC 2 at a substantially reduced cost

Membership

Community, leadership, visibility, resources.
Participate in a global community of GRC, ERM and risk management professionals.

Collaborate, network, create. Shape and refine the world’s most comprehensive standards for evaluating vendor risk.

"As a service provider, we have gained great benefits from the networking and knowledge sharing opportunities made available to us throughout the year."
— Lynda Martel, Director, Privacy Compliance Communications, DriveSavers Data Recovery, Inc., Shared Assessments Steering Committee Member
"Adopting the Shared Assessments Program enabled Deluxe to reduce cycle time, improve quality, & streamline the due diligence process. At Deluxe, two-thirds of our due diligence requests use Shared Assessment tool."
— Linnea Solem, CIPP, CIPP/C, Chief Privacy Officer, Director of Business Risk & Privacy Management, Deluxe Corp, Shared Assessments Steering Committee Member
"The Shared Assessments Program’s rigorous standards are equal to or better than all other standards. We are very satisfied with the acceptance by our clients."
— Timothy J. O’Brien, Senior Vice President, Yodlee

Licensing

Use our standards in your software product.
Power your GRC solution with the world’s most comprehensive vendor risk management content.

Your GRC solution, powered by Shared Assessments.

  • Use the world’s most comprehensive vendor risk management standards in your company’s GRC solutions
  • Out-of-the-box content for easy use
  • Choose a cost structure that works for your business

Get the Tools

More efficient and less costly assessment processes.
Get faster, more efficient risk assessment tools at a fraction of the price.

The world’s most comprehensive vendor risk management tools at a fraction of the price.

"The Shared Assessments Program's rigorous standards are better than all other standards. We are very satisfied with the acceptance by our clients."
— Timothy O’Brien, Senior Vice President, Operations & Security, Yodlee Inc., Shared Assessments Member
  • The world’s most comprehensive vendor risk assessment at a fraction of the cost of a SOC audit
  • Created by leading corporate risk executives and IT leaders
  • Download and start using Shared Assessments today!

Resources & Education

Education
Build a successful vendor risk management program.
Workshops, seminars, white papers and more to build your GRC knowledge.

Learn more about GRC, ERM and vendor risk management at our workshops and special events.

"Integrating the full range of Shared Assessments content into our GRC platform gives our customers streamlined vendor management tools, empowering them to better manage the governance, risk and compliance issues surrounding their third-party relationships."
— Chris Caldwell, CEO, LockPath
  • Special topics in GRC, ERM and risk management for enterprises and suppliers
  • Techniques for using Shared Assessments in your ERM framework
  • Customized seminars and consulting with the Shared Assessments team

The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security

PHI data breaches are growing in frequency and in magnitude. Protecting valuable health data is an important business decision for all health care organizations.

Authored by more than 100 health care industry leaders, this free report includes PHIve—a 5-step method to assess specific security risks and build a business case for the appropriate level of investment needed to safeguard PHI.

A free download is available at http://webstore.ansi.org/phi

News

“Right-Sizing” Your Vendor Risk Management Program

Published on May 10, 2013

Balancing the weights of risk, compliance and governance in today’s regulatory landscape. By Linnea Solem, Deluxe

New Shared Assessments Tools Offer New Section for Assessing Mobile Device Risk, Evaluating the Maturity of Your Vendor Risk Management Program

Published on February 23, 2013

The Shared Assessments Program released to the public the new Standard Information Gathering (“SIG”) questionnaire, Agreed Upon Procedures (“AUP”) and Vendor Risk Management Maturity Model

The PHI Protection Network

In March of 2012, the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Shared Assessments Program, and the Internet Security Alliance (ISA), released a new report calling for enhanced security to safeguard protected health information: The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security.

A core group of contributors to this report recognized the need for industry-level support to expedite the adoption of PHI best practices. That need led to the creation of the PHI Protection Network (PPN).


In-House One Day Workshops

Shared Assessments Program Fundamentals: Navigating the Standard Information Gathering (SIG) Questionnaire and Agreed Upon Procedures (AUP)

Learn how to deploy the Shared Assessments Program Standardized Information Gathering (SIG) questionnaire and the SIG Management Tool (SMT) as a vendor risk assessment and a self-assessment tool.

Learn how to make the most of the Shared Assessments Program Agreed Upon Procedures (AUP) onsite assessment tool and AUP Report Template.

For more information, contact Joyce Crawshaw, Client Relations Manager, at 505-466-0448 or joyce@santa-fe-group.com.


New and Updated Tools!

Updates include:

  • SIG 2013
  • AUP 2013
  • NEW Vendor Risk Management Maturity Model (VRMMM)

2013 Members Only Initiatives

2013 Shared Assessments Member Committees, Working Groups and Special Interest Groups

