 
February 2014 Newsletter
 
This Month's Focus: Shared Assessments Launches
New 2014 Program Tools
 
 
Scrutiny Increases on Third Party Risks
2013 will go down as an extremely unusual year as an unprecedented amount of attention was placed on a single risk area—third party risk.
 
Beginning with the Consumer Financial Protection Bureau (CFPB) guidance in April and ending with the Federal Reserve guidance in December, regulatory agencies and standards bodies alike found it necessary to sharpen their focus on the need to better manage outsourced services. The list of regulators and standards bodies expanding their look at third party risk is impressive: CFPB, ISO 27001/2, PCI's Payment Application Data Security Standards 3.0, Office of the Comptroller of the Currency (OCC) Third Party Risk Guidance, and NIST's Cybersecurity Framework. The importance of effectively managing outsourced services was further driven home by the most recent round of data breaches at Target and Neiman Marcus (and perhaps a half dozen additional retailers).
 
Never has there been a better time for Shared Assessments to release the newest version of its Program Tools. Shared Assessments just announced its 2014 release, including the Standard Information Gathering (SIG) Questionnaire, Agreed Upon Procedures (AUP) and Vendor Risk Management Maturity Model (VRMMM). These Program Tools help companies:
  • Adhere to the above-mentioned standards and guidance
  • Assess third party risk
  • Understand the development and maintenance of third party risk management programs
More importantly, given the volatile data breach landscape where most breaches and security incidents happen at the service provider level, these new tools assess the risks and software security-readiness of third-party service providers. Shared Assessments Tools inject standardization, consistency, speed, efficiency and cost savings into the vendor risk assessment process.
 
Click here to read the full article to learn more about the Program Tools and resources to effectively manage the vendor risk management lifecycle…
 
 
LEARN MORE
 
Visit Authorities on Risk Assurance for more on:
 
PCI 3.0
How Shared Assessment Is Helpful If You're ISO-27001 Certified
CFPB Ups the Ante on Third Party Risk Management
Consumer Protection and 3rd Parties
 
 
SHARED ASSESSMENTS PROGRAM
& MEMBER SPOTLIGHT
 
Hear from Shared Assessments and our Members at RSA Conference 2014
  • Brad Keller, SVP and Program Director, The Santa Fe Group, Advancing Information Risk Practices Seminar, Monday, February 24, 2014 | 1:00pm – 4:30pm | West | Room: 3018
  • Brad Keller, SVP and Program Director, The Santa Fe Group and Shared Assessments Co-Chair, Jonathan Dambrot, Managing Director, Prevalent Networks, Third-Party Cyber Security & Data Loss Prevention, Wednesday, February 26, 2014 | 12:00pm – 12:20pm | West | Room: 2006
  • Rocco Grillo, Managing Director & Global Leader Incident Response & Forensics Investigations, Protiviti Inc. Surviving a Security Firestorm: Tales from Those Who Have Lived Through It, Wednesday, February 26, 2014 | 10:40am – 11:40am | West | Room: 3009
 
Learn more and register for the RSA Conference 2014 »
 
Hear Santa Fe Group CEO, Catherine A. Allen, speak at the Deluxe Exchange 2014
  • Santa Fe Group CEO, Catherine A. Allen, speaking at the Deluxe Exchange 2014 | February 10-12, 2014 | Boca Raton Resort & Club, Boca Raton, FL
Learn more and register for the Deluxe Exchange 2014 »
 
Watch Program Director, Brad Keller and Shared Assessments Co-Chair, Jonathan Dambrot, discuss HIPAA Omnibus and BA RISK Management.
  • Brad Keller, SVP and Program Director, The Santa Fe Group and Shared Assessments Co-Chair, Jonathan Dambrot, Managing Director, Prevalent Networks HIPAA Omnibus and BA RISK Management Panel Discussion, Thursday, February 20, 2014 | 1:00pm – 1:00pm EST
 
Learn more and register for the HIPAA Omnibus panel discussion »
 
 
ASK THE EXPERTS
Commonly asked questions, answered here.
 
Question:
How can my company benefit from using the Vendor Risk Management Maturity Model (VRMMM)?
 
Answer:
The focus of the VRMMM is to provide third party risk managers with a tool they can use to evaluate their program against a comprehensive set of best practices. Using governance as the foundational element, the model identifies the framework elements critical to a successful program. High-level components are broken down into subcomponents in a manner that makes the model adaptable across a wide spectrum of industry groups. By identifying specific areas for improvement, the VRMMM allows companies to make well-informed decisions on how to spend limited resources to most effectively manage vendor-related risks.
 
Check out the VRMMM Overview to learn more »
FEATURE ARTICLE
 
Climate Change Comes to the World of Financial Services Risk Assurance
 
 
The long awaited guidance from the Office of the Comptroller of the Currency (OCC) on third party risk management was finally issued October 31st. The primary focus of this guidance is to ensure that financial institutions properly manage third party risk throughout the full term of an outsourcing relationship.
 
Read more »
 
 
UPCOMING EVENTS
 
Shared Assessments Summit 2014
 
March 19-21, 2014
Royal Sonesta Hotel-Boston
 
Learn more and register »
 
 
MEMBERSHIP
 
Interested in Becoming a Shared Assessments Member?
 
Contact Joyce Crawshaw, VP Client Relations, at
(505) 466-6434 or Email
 
 
RESOURCES
 
OCC Guidance 2013-29
Read more »
 
PCI DSS 3.0
Download press release »
Download standards »
 
Federal Reserve Guidance on Managing Outsourcing Risk
Download »
 
ISO/IEC 27001:2013
Download »
 
 
 
FUTURE TOPICS
 
Future Topic Suggestions
 
Do you have a topic you'd like to see covered in an upcoming newsletter? Send your ideas to Kelly Wagner
 
 