About Shared Assessments

The Shared Assessments Program has been setting the standard in third party risk assessments since 2005

Shared Assessments, the trusted source in third party risk assurance, is a member-driven, industry-standard body with tools and best practices, that injects speed, consistency, efficiency and cost savings into the control assessment process. Shared Assessments Program members work together to eliminate redundancies and create efficiencies, giving all parties a faster, more rigorous, more efficient and less costly means of conducting security, privacy and business resiliency control assessments.

Streamlining Control Assessments

The service provider control evaluation process has long been inefficient and costly for all parties. Each outsourcing organization produces and distributes its own proprietary assessment questionnaire to each of its service providers. Service providers strain their resources to respond to diverse proprietary information requests. Inconsistencies from questionnaire to questionnaire cause delays for all parties, and time- and resource-intensive onsite assessments further burden the issuer/outsourcer and the assessee.

In 2005, six members of the financial services industry, in conjunction with the Big 4 accounting firms and key industry service providers, set out to ease the burden on both outsourcers and third parties. Their goal was to streamline the cumbersome evaluation process and create an industry standard. The result is the Shared Assessments Program.

Establishing Global Standards

Today the Shared Assessments Program’s membership has grown well beyond its founders, and companies across the globe in a variety of industries have adopted the Shared Assessments standards.

To promote adoption of the Program’s standards, the Shared Assessments Program Tools: the Standardized Information Gathering (SIG) questionnaire, the Shared Assessments Agreed Upon Procedures (AUP): a tool for standardized onsite assessments and the Vendor Risk Management Maturity Model (VRMMM), are free to members or are available for download here.

Leading Innovative Programs

In addition to providing the industry’s leading third party risk assessment Program Tools, Shared Assessments focuses on developing and implementing innovative programs that provide efficiencies across the industry.

One such program is Collaborative Onsite Assessments (COA), which brings together industry peers to perform a collaborative assessment on a common service provider. This program frequently results in the removal of intensive, multiple and overlapping information requests, simplifying the assessment process.

Service Provider Benefits

All of the participants in the vendor risk management lifecycle were considered during the development of the SIG and the AUP. Service providers share an equal role, along with outsourcers and assessments firms, in the ongoing development of the Program Tools helping to insure that all parties’ needs are considered. As a result, the SIG is regularly used proactively by service providers in response to RFP’s (to help demonstrate their security controls) and as a component of an annual assessment process. A section in the SIG How To Guide specifically addresses the needs of service providers and assists in responding to client issued SIG questionnaires.

Getting Involved

Shared Assessments membership offers exciting opportunities for industry collaboration, professional development and brand visibility. Our members are organizations that outsource domestically and around the globe and understand the importance of comprehensive, industry-standard third party risk management processes. Shared Assessments membership is available to outsourcers across the industry spectrum, as well as to service providers, consulting organizations, assessment firms and international associations.

The Santa Fe Group’s Role

The Santa Fe Group manages the Shared Assessments Program, continuing its mission to provide an independent, industry-driven standard for evaluating third party control processes. Contact us for more information.

BWSecurityScorecard165x100x72-web
Shared Assessments Logo usbank
OPTIV_rgb-bw-web
Online-Wordmark-RGB-Vertical bwweb
Stroz F_Logo_100K Web
Shared Assessments Licensee-Copytalk
intralinks-logo
Shared Assessments Licensee Pro Teck
Shared Assessments Licensee ZS logo
Shared Assessments Licensee TD Ameritrade
Ashland_Partners_LogoBW
kpmg-logo-web-2
RN_Logo_Main_CMYK-bw-web
Shared Assessments Logo first data
Shared Assessments Licensee Protiviti
Shared Assessments Licensee Caanes
sti-logo-web
Ellie Mae Logo
Shared Assessments Logo dtcc
SecureState165x100x72-web
Qualys_Logo-RS-bw2
Viewpoint Logo
waynecounty_logo_165x100x72_web
Shared Assessments Licensee Rsam
ce_logo_bw
Shared Assessments Licensee Identity Theft 911
advance-america-logo-web-2
165x100x72-web
NationalStudentClearinghouse
Shared Assessments Logo radian
MetricStream logo
Shared Assessments Licensee ControlCase
riskvision_logo_largebw-web
Shared Assessments Logo Deluxe Corp
prevalent-logo-web-2
BSI Logo CMYK png bwRS
Shared Assessments Licensee White Hat
veracode-logo-web
HNE_logobw
ProcessUnitybanner
CyberCura 84x84 Logoweb
acupay_176x84-bw-web
CRIF Logo
Genpact-logo-web
TreliantSolutions_logo_84hbwweb
ez-shield-logo-web-2
Shared Assessments Logo Ernst & Young
logo-rsabw
enode-logobw
Shared Assessments Logo Bank Of New York Mellon
CoalfireLogo_OrangeBWWeb
Shared Assessments Logo yodlee
Shared Assessments Licensee Bank of the West
el paso electric logo
Shared Assessments Licensee Lockpath
Shared Assessments Licensee ctg
Logo-Nasdaq_BWise-JPGbw2
PCV-logo-web
GT_logo_165x100x72_web
Shared Assessments Licensee Power Advocate
Shared Assessments Logo sei
fis-logo-web
Early Warning Logo
Shared Assessments Program licensee Churchill & Harriman logo
Fidelity_Logobw
dealogic-20logo-high-20res_165x100x72_web
Shared Assessments Logo Deloitte
Shared Assessments Logo Iron Mountain
Shared Assessments Licensee Pivot Point Security
crowdstrikebw
Shared Assessments Logo pwc