About Shared Assessments

The Shared Assessments Program has been setting the standard in vendor risk assessments since 2005

Shared Assessments, the trusted source in third party risk assurance, is a member-driven, industry-standard body with tools and best practices, that injects speed, consistency, efficiency and cost savings into the control assessment process. Shared Assessments Program members work together to eliminate redundancies and create efficiencies, giving all parties a faster, more rigorous, more efficient and less costly means of conducting security, privacy and business resiliency control assessments.

Streamlining Control Assessments

The service provider control evaluation process has long been inefficient and costly for all parties. Each outsourcing organization produces and distributes its own proprietary questionnaire to each of its service providers. Service providers strain their resources to respond to diverse client information requests. Inconsistencies from questionnaire-to-questionnaire cause delays for all parties, and time- and resource-intensive onsite assessments further burden both the outsourcer and the service provider.

In 2006, six members of the financial services industry, in conjunction with the Big 4 accounting firms and key industry service providers, set out to ease the burden on both outsourcers and third parties. Their goal was to streamline the cumbersome evaluation process and create an industry standard. The result is the Shared Assessments Program.

Establishing Global Standards

Today the Shared Assessments Program’s membership has grown well beyond its founders, and companies across the globe in a variety of industries have adopted the Shared Assessments standards.

To promote adoption of the Program’s standards, the Shared Assessments Program Tools: the Standardized Information Gathering (SIG) questionnaire, the Shared Assessments Agreed Upon Procedures (AUP): a tool for standardized onsite assessments and the Vendor Risk Management Maturity Model (VRMMM), are free to members or are available for download here.

Leading Innovative Programs

In addition to providing leading third party risk assessment program tools, Shared Assessments focuses on developing and implementing innovative programs that provide efficiencies across the industry.

One such program is Collaborative Onsite Assessments (COA), which brings together industry peers to perform a collaborative assessment on a common service provider. This program frequently results in the removal of intensive, multiple and overlapping information requests, simplifying the assessment process.

Service Provider Benefits

All of the participants in the vendor risk management lifecycle were considered during the development of the SIG and the AUP. Service providers share an equal role, along with outsourcers and assessments firms, in the ongoing development of the Program Tools helping to insure that all parties’ needs are considered. As a result, the SIG is regularly used proactively by service providers in response to RFP’s (to help demonstrate their security controls) and as a component of an annual assessment process. A How To Guide, which specifically addresses the needs of service providers, is also provided to assist in responding to client issued SIG questionnaires.

Getting Involved

Shared Assessments membership offers exciting opportunities for industry collaboration, professional development and brand visibility. Our members are organizations that outsource domestically and around the globe and understand the importance of comprehensive, industry-standard third party risk management processes. Shared Assessments membership is available to outsourcers across the industry spectrum, as well as to service providers, consulting organizations, assessment firms and international associations.

The Santa Fe Group’s Role

The Santa Fe Group manages the Shared Assessments Program, continuing its mission to provide an independent, industry-driven standard for evaluating service provider control processes. Contact us for more information.

Shared Assessments Licensee Identity Theft 911
HNE_logobw
Logo-Nasdaq_BWise-JPGbw2
kpmg-logo-web-2
Shared Assessments Licensee White Hat
logo-rsabw
el paso electric logo
fis-logo-web
Shared Assessments Licensee Rsam
Genpact-logo-web
Shared Assessments Logo sei
MetricStream logo
Online Business Systems logo
Shared Assessments Logo dtcc
PCV-logo-web
BSI Logo CMYK png bwRS
Shared Assessments Logo Iron Mountain
Viewpoint Logo
dealogic-20logo-high-20res_165x100x72_web
Shared Assessments Licensee Protiviti
sti-logo-web
Shared Assessments Logo usbank
Early Warning Logo
NationalStudentClearinghouse
crowdstrikebw
OPTIV_rgb-bw-web
Fidelity_Logobw
ez-shield-logo-web-2
Shared Assessments Licensee Caanes
prevalent-logo-web-2
SecureState165x100x72-web
Ellie Mae Logo
165x100x72-web
Shared Assessments Logo radian
Shared Assessments Logo Deloitte
Shared Assessments Logo first data
waynecounty_logo_165x100x72_web
ce_logo_bw
Shared Assessments Logo Deluxe Corp
Shared Assessments Licensee Bank of the West
Shared Assessments Logo jpmorgan
Shared Assessments Licensee Power Advocate
Shared Assessments Logo Bank Of New York Mellon
Shared Assessments Licensee LTD Financial Services
Shared Assessments Program licensee Churchill & Harriman logo
GT_logo_165x100x72_web
Shared Assessments Licensee TD Ameritrade
intralinks-logo
Shared Assessments Licensee Lockpath
enode-logobw
advance-america-logo-web-2
Shared Assessments Logo pwc
Shared Assessments Licensee ControlCase
ProcessUnitybanner
Shared Assessments Licensee Pivot Point Security
CRIF Logo
TreliantSolutions_logo_84hbwweb
Shared Assessments Logo Ernst & Young
BWSecurityScorecard165x100x72-web
Shared Assessments Licensee Pro Teck
Shared Assessments Logo yodlee
Shared Assessments Licensee ZS logo
veracode-logo-web
riskvision_logo_largebw-web
Shared Assessments Licensee ctg
Shared Assessments Licensee-Copytalk