About Shared Assessments
The Shared Assessments Program has been setting the standard in third party risk assessments since 2005
Shared Assessments, the trusted source in third party risk assurance, is a member-driven, industry-standard body with tools and best practices, that injects speed, consistency, efficiency and cost savings into the control assessment process. Shared Assessments Program members work together to eliminate redundancies and create efficiencies, giving all parties a faster, more rigorous, more efficient and less costly means of conducting security, privacy and business resiliency control assessments.
Streamlining Control Assessments
The service provider control evaluation process has long been inefficient and costly for all parties. Each outsourcing organization produces and distributes its own proprietary assessment questionnaire to each of its service providers. Service providers strain their resources to respond to diverse proprietary information requests. Inconsistencies from questionnaire to questionnaire cause delays for all parties, and time- and resource-intensive onsite assessments further burden the issuer/outsourcer and the assessee.
In 2005, six members of the financial services industry, in conjunction with the Big 4 accounting firms and key industry service providers, set out to ease the burden on both outsourcers and third parties. Their goal was to streamline the cumbersome evaluation process and create an industry standard. The result is the Shared Assessments Program.
Establishing Global Standards
Today the Shared Assessments Program’s membership has grown well beyond its founders, and companies across the globe in a variety of industries have adopted the Shared Assessments standards.
To promote adoption of the Program’s standards, the Shared Assessments Program Tools: the Standardized Information Gathering (SIG) questionnaire, the Shared Assessments Agreed Upon Procedures (AUP): a tool for standardized onsite assessments and the Vendor Risk Management Maturity Model (VRMMM), are free to members or are available for download here.
Leading Innovative Programs
In addition to providing the industry’s leading third party risk assessment Program Tools, Shared Assessments focuses on developing and implementing innovative programs that provide efficiencies across the industry.
One such program is Collaborative Onsite Assessments (COA), which brings together industry peers to perform a collaborative assessment on a common service provider. This program frequently results in the removal of intensive, multiple and overlapping information requests, simplifying the assessment process.
Service Provider Benefits
All of the participants in the vendor risk management lifecycle were considered during the development of the SIG and the AUP. Service providers share an equal role, along with outsourcers and assessments firms, in the ongoing development of the Program Tools helping to insure that all parties’ needs are considered. As a result, the SIG is regularly used proactively by service providers in response to RFP’s (to help demonstrate their security controls) and as a component of an annual assessment process. A section in the SIG How To Guide specifically addresses the needs of service providers and assists in responding to client issued SIG questionnaires.
Shared Assessments membership offers exciting opportunities for industry collaboration, professional development and brand visibility. Our members are organizations that outsource domestically and around the globe and understand the importance of comprehensive, industry-standard third party risk management processes. Shared Assessments membership is available to outsourcers across the industry spectrum, as well as to service providers, consulting organizations, assessment firms and international associations.
The Santa Fe Group’s Role
The Santa Fe Group manages the Shared Assessments Program, continuing its mission to provide an independent, industry-driven standard for evaluating third party control processes. Contact us for more information.